Make environment of migrate job identical to the regular web container deployment, as it should be.

See changelog
Merge branch 'UltherEgo-master-patch-92170' into 'master'
2024-09-06 12:10:50 +00:00 · 2024-07-15 16:11:52 -04:00 · 2024-07-15 14:45:24 +00:00 · 2024-07-15 14:45:24 +00:00 · 2024-07-15 14:27:26 +00:00 · 2024-07-15 14:26:22 +00:00
23 changed files with 425 additions and 89 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -0,0 +1,9 @@
+No release is stable. Do not use in production.
+
+# Unreleased
+
+# 1.0.0
+
+- Add volume mounts
+- Latest major postgres/redis versions
+- Rename preInstall to migrateJob
--- a/Chart.lock
+++ b/Chart.lock
@ -1,9 +1,9 @@
 dependencies:
 - name: postgresql
  repository: https://charts.bitnami.com/bitnami
-  version: 11.6.6
+  version: 15.5.16
 - name: redis
  repository: https://charts.bitnami.com/bitnami
-  version: 16.12.2
-digest: sha256:2d69e862253eac627fc5d2c2f17b3d56b22f605d2dae33cd3719faf414f98b50
-generated: "2022-06-16T16:23:19.85041101-04:00"
+  version: 19.6.1
+digest: sha256:5e21575062cdcef4e947b4f89741e95138d93207f91d5074d53397d9c414f0a1
+generated: "2024-07-15T13:58:06.767935373-04:00"
--- a/Chart.yaml
+++ b/Chart.yaml
@ -14,7 +14,7 @@ type: application

 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
-version: 0.1.0
+version: 1.0.0

 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application.
@ -22,10 +22,10 @@ appVersion: 1.0.0

 dependencies:
  - name: postgresql
-    version: ~11.6.6
+    version: ^15.5.16
    repository: https://charts.bitnami.com/bitnami
    condition: postgresql.enabled
  - name: redis
-    version: ~16.12.2
+    version: ^19.6.1
    repository: https://charts.bitnami.com/bitnami
    condition: redis.enabled
--- a/README.md
+++ b/README.md
@ -1,6 +1,8 @@
 # Django Helm Chart

-A generic Django (plus Celery) Helm chart.
+A generic Django (plus Celery) Helm chart demonstration. Do not use directly in production.
+
+Contributions may be accepted as merge requests. Be respectful of my time. I will not review if I do not have time. Fork the project instead. Please only open issues that you'd like to implement yourself or fund. Do not open support or feature requests. This chart is **not** intended to cover every use case with Django and Helm. It's a personal project that you are welcome to view and fork. Breaking changes to your workflow may happen at any time and without warning.

 # Preparing your Django app

@ -37,17 +39,17 @@ Remember that Kubernetes "args" are Docker's CMD (or command). Pretty confusing!

 # Usage

+Use only for demonstration purposes. Fork the repo for production.
+
 1. Add our Helm chart repo `helm repo add django https://gitlab.com/api/v4/projects/26807467/packages/helm/stable`
 2. Review our values.yaml. At a minimum you'll need to set env.secret.SECRET_KEY and env.secret.DATABASE_URL.
 3. Install the chart `helm install your-app django/django -f your-values.yml`

 # Tips

- Do you really need kubernetes?
 - Use [helm diff](https://github.com/databus23/helm-diff). One typo will wipe your app without warning otherwise.
- While supported, I don't suggest running stateful services like PostgreSQL in kubernetes. There is no clean way to run major upgrades.
- It's fine to use this chart as a reference for your own chart instead of directly using it.
- I don't publish changelogs at this time. You may wish to fork this repo.
+- Stateful services like PostgreSQL in kubernetes are only partially supported. There is no clean way to run major upgrades. I don't recommend using them.
+- Fork instead of using this directly.

 ## Managing environment variables and secrets

@ -56,6 +58,7 @@ I suggest either
 - Keep them in a values.yml file in a private repo
 - Make use of --reuse-values and --set
 - Keep them in a non helm chart managed service
+- Use the opentofu helm provider, with a secure state backend or encrypted state.

 ## Deploying in CI

@ -70,6 +73,4 @@ Maintaining this chart takes time. Considering supporting it by

 Commercial support is available - email info@burkesoftware.com

-# Contributing
-
-Contributions are welcome. Report bugs on GitLab issues. Please only open feature requests that you'd like to implement yourself or pay for.
+If you want the scope of this project to include more, such as better merge request review or stable releases. You should consider forking it, talk to me about being a maintainer, or fund it.
--- a/charts/postgresql-11.6.6.tgz
+++ b/charts/postgresql-11.6.6.tgz
--- a/charts/postgresql-15.5.16.tgz
+++ b/charts/postgresql-15.5.16.tgz
--- a/charts/redis-16.12.2.tgz
+++ b/charts/redis-16.12.2.tgz
--- a/charts/redis-19.6.1.tgz
+++ b/charts/redis-19.6.1.tgz
--- a/templates/_helpers.tpl
+++ b/templates/_helpers.tpl
@ -72,7 +72,7 @@ We truncate at 63 chars because some Kubernetes name fields are limited to this
 {{- else -}}
 {{- $name := default .Chart.Name .Values.postgresql.nameOverride -}}
 {{- if contains $name .Release.Name -}}
-{{- .Release.Name | trunc 63 | trimSuffix "-" -}}
+{{- .Release.Name | trunc 63 | trimSuffix "-" -}}-postgresql
 {{- else -}}
 {{- printf "%s-%s" .Release.Name "postgresql" | trunc 63 | trimSuffix "-" -}}
 {{- end -}}
--- a/templates/_tplvalues.tpl
+++ b/templates/_tplvalues.tpl
@ -0,0 +1,12 @@
+{{/*
+Renders a value that contains template.
+Usage:
+{{ include "common.tplvalues.render" ( dict "value" .Values.path.to.the.Value "context" $) }}
+*/}}
+{{- define "common.tplvalues.render" -}}
+    {{- if typeIs "string" .value }}
+        {{- tpl .value .context }}
+    {{- else }}
+        {{- tpl (.value | toYaml) .context }}
+    {{- end }}
+{{- end -}}
--- a/templates/beat/deployment.yaml
+++ b/templates/beat/deployment.yaml
@ -19,6 +19,9 @@ spec:
        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        tag: "{{ .Values.image.tag }}"
+        {{- if .Values.beat.podAnnotations }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.beat.podAnnotations "context" $ ) | nindent 8 }}
+        {{- end }}
      labels:
        {{- include "django.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: beat
@ -39,12 +42,7 @@ spec:
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
          resources:
-            limits:
-              cpu: 50m
-              memory: 96Mi
-            requests:
-              cpu: 1m
-              memory: 32Mi
+            {{- toYaml .Values.beat.resources | nindent 12 }}
          env:
            - name: SERVER_ROLE
              value: "beat"
@ -52,13 +50,37 @@ spec:
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: {{ include "django.postgresql.fullname" . }}
+                  name: {{ default (include "django.postgresql.fullname" .) .Values.postgresql.auth.existingSecret }}
                  key: postgres-password
 {{- end }}
          envFrom:
            - secretRef:
                name: {{ include "django.fullname" . }}
+            {{- if .Values.existingSecret }}
+            - secretRef:
+                name: {{ .Values.existingSecret }}
+            {{- end }}
            - configMapRef:
                name: {{ include "django.fullname" . }}
+          {{- with .Values.extraVolumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+      {{- with .Values.beat.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.beat.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.beat.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.extraVolumes }}
+      volumes:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
 {{- end }}
 {{- end }}
--- a/templates/configmap.yaml
+++ b/templates/configmap.yaml
@ -7,12 +7,12 @@ metadata:
  annotations:
    "helm.sh/hook-weight": "-1"
 data:
-{{- range $k, $v := .Values.env.normal }}
-  {{ $k }}: {{ $v | quote }}
-{{- end }}
 {{- if .Values.postgresql.enabled }}
  DATABASE_HOST: {{ include "django.postgresql.host" . | quote }}
  DATABASE_USER: {{ include "django.postgresql.username" . | quote }}
  DATABASE_NAME: {{ include "django.postgresql.name" . | quote }}
  DATABASE_PORT: {{ include "django.postgresql.port" . | quote }}
 {{- end }}
+{{- range $k, $v := .Values.env.normal }}
+  {{ $k }}: {{ $v | quote }}
+{{- end }}
--- a/templates/flower/deployment.yaml
+++ b/templates/flower/deployment.yaml
@ -0,0 +1,72 @@
+{{- if .Values.flower.enabled -}}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ include "django.fullname" . }}-flower
+  labels:
+    {{- include "django.labels" . | nindent 4 }}
+    app.kubernetes.io/component: flower 
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      {{- include "django.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: flower
+  template:
+    metadata:
+      annotations:
+        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+        {{- if .Values.flower.podAnnotations }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.flower.podAnnotations "context" $ ) | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "django.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: flower
+    spec:
+    {{- with .Values.flower.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+        - name: {{ .Chart.Name }}
+          {{- if .Values.flower.args }}
+          args: {{- toYaml .Values.flower.args | nindent 10}}
+          {{- end }}
+          securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+          image: "{{ .Values.flower.image.repository }}:{{ .Values.flower.image.tag }}"
+          imagePullPolicy: {{ .Values.flower.image.pullPolicy }}
+          ports:
+          - containerPort: 5555
+            name: http
+            protocol: TCP
+          resources:
+            {{- toYaml .Values.flower.resources | nindent 12 }}
+          env:
+            - name: SERVER_ROLE
+              value: "flower"
+          envFrom:
+            - secretRef:
+                name: {{ include "django.fullname" . }}
+            {{- if .Values.existingSecret }}
+            - secretRef:
+                name: {{ .Values.existingSecret }}
+            {{- end }}
+            - configMapRef:
+                name: {{ include "django.fullname" . }}
+      {{- with .Values.flower.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.flower.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.flower.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+{{- end }}
--- a/templates/flower/ingress.yaml
+++ b/templates/flower/ingress.yaml
@ -0,0 +1,66 @@
+{{- if .Values.flower.ingress.enabled -}}
+{{- $fullName := include "django.fullname" . -}}
+{{- $svcPort := .Values.flower.service.port -}}
+{{- if and .Values.flower.ingress.className (not (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion)) }}
+  {{- if not (hasKey .Values.flower.ingress.annotations "kubernetes.io/ingress.class") }}
+  {{- $_ := set .Values.flower.ingress.annotations "kubernetes.io/ingress.class" .Values.flower.ingress.className}}
+  {{- end }}
+{{- end }}
+{{- if semverCompare ">=1.19-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1
+{{- else if semverCompare ">=1.14-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: networking.k8s.io/v1beta1
+{{- else -}}
+apiVersion: extensions/v1beta1
+{{- end }}
+kind: Ingress
+metadata:
+  name: {{ $fullName }}-flower
+  labels:
+    {{- include "django.labels" . | nindent 4 }}
+  {{- with .Values.flower.ingress.annotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+spec:
+  {{- if and .Values.flower.ingress.className (semverCompare ">=1.18-0" .Capabilities.KubeVersion.GitVersion) }}
+  ingressClassName: {{ .Values.flower.ingress.className }}
+  {{- end }}
+  {{- if .Values.flower.ingress.tls }}
+  tls:
+    {{- range .Values.flower.ingress.tls }}
+    - hosts:
+        {{- range .hosts }}
+        - {{ . | quote }}
+        {{- end }}
+      secretName: {{ .secretName }}
+    {{- end }}
+  {{- end }}
+  rules:
+    {{- range .Values.flower.ingress.hosts }}
+    - host: {{ .host | quote }}
+      http:
+        paths:
+          {{- range .paths }}
+          - path: {{ .path }}
+            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
+            pathType: {{ .pathType }}
+            {{- end }}
+            {{- if .backend }}
+            backend:
+              {{- toYaml .backend | nindent 14 }}
+            {{- else }}
+            backend:
+              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
+              service:
+                name: {{ $fullName }}-flower
+                port:
+                  number: {{ $svcPort }}
+              {{- else }}
+              serviceName: {{ $fullName }}
+              servicePort: {{ $svcPort }}
+              {{- end }}
+            {{- end }}
+          {{- end }}
+    {{- end }}
+{{- end }}
--- a/templates/flower/service.yaml
+++ b/templates/flower/service.yaml
@ -0,0 +1,18 @@
+{{- if .Values.flower.enabled -}}
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "django.fullname" . }}-flower
+  labels:
+    {{- include "django.labels" . | nindent 4 }}
+spec:
+  type: {{ .Values.flower.service.type }}
+  ports:
+    - port: {{ .Values.flower.service.port }}
+      targetPort: http
+      protocol: TCP
+      name: http
+  selector:
+    {{- include "django.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: flower 
+{{- end }}
--- a/templates/migrate-job.yaml
+++ b/templates/migrate-job.yaml
@ -0,0 +1,66 @@
+{{- if .Values.migrationJob.enabled -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "django.fullname" . }}-migrate
+  labels:
+    {{- include "django.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": post-install,pre-upgrade
+    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
+    "helm.sh/hook-weight": "0"
+    checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
+    checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
+    tag: "{{ .Values.image.tag }}"
+spec:
+  activeDeadlineSeconds: {{ default 900 .Values.migrationJob.activeDeadlineSeconds }}
+  template:
+    metadata:
+      labels:
+        app.kubernetes.io/component: migrate-job
+        {{- include "django.selectorLabels" . | nindent 8 }}
+    spec:
+    {{- with .Values.imagePullSecrets }}
+      imagePullSecrets:
+        {{- toYaml . | nindent 8 }}
+    {{- end }}
+      serviceAccountName: {{ include "django.serviceAccountName" . }}
+      restartPolicy: Never
+      securityContext:
+        {{- toYaml .Values.podSecurityContext | nindent 8 }}
+      containers:
+      - name: migrate-job
+        securityContext:
+            {{- toYaml .Values.securityContext | nindent 12 }}
+        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
+        imagePullPolicy: {{ .Values.image.pullPolicy }}
+        {{- if .Values.migrationJob.resources }}        
+        resources: {{ toYaml .Values.migrationJob.resources | nindent 12 }}
+        {{- end }}
+        command: {{ .Values.migrationJob.command | default (list "./manage.py" "migrate") | toJson }}
+        env:
+{{- if .Values.postgresql.enabled }}
+          - name: DATABASE_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: {{ default (include "django.postgresql.fullname" .) .Values.postgresql.auth.existingSecret }}
+                key: postgres-password
+{{- end }}
+        envFrom:
+          - secretRef:
+              name: {{ include "django.fullname" . }}
+          {{- if .Values.existingSecret }}
+          - secretRef:
+              name: {{ .Values.existingSecret }}
+          {{- end }}
+          - configMapRef:
+              name: {{ include "django.fullname" . }}
+        {{- with .Values.extraVolumeMounts }}
+        volumeMounts:
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+      {{- with .Values.extraVolumes }}
+      volumes:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
+{{- end }}
--- a/templates/pre-install-job.yaml
+++ b/templates/pre-install-job.yaml
@ -1,50 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "django.fullname" . }}
-  labels:
-    {{- include "django.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": post-install,pre-upgrade
-    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
-    "helm.sh/hook-weight": "0"
-    checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
-    checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
-    tag: "{{ .Values.image.tag }}"
-spec:
-  activeDeadlineSeconds: 600
-  template:
-    spec:
-    {{- with .Values.imagePullSecrets }}
-      imagePullSecrets:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
-      restartPolicy: Never
-      containers:
-      - name: pre-install-job
-        image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
-        imagePullPolicy: {{ .Values.image.pullPolicy }}
-        command: ["./manage.py","migrate"]
-        env:
-          - name: DEBUG
-            value: "False"
-{{- if .Values.env.secret.DATABASE_URL }}
-          - name: DATABASE_URL
-            value: {{ .Values.env.secret.DATABASE_URL }}
-{{- end }}
-{{- if .Values.postgresql.enabled }}
-          - name: DATABASE_PASSWORD
-            valueFrom:
-              secretKeyRef:
-                name: {{ include "django.postgresql.fullname" . }}
-                key: postgres-password
-{{- end }}
-          - name: SECRET_KEY
-            value: {{ required "env.secret.SECRET_KEY is a required value." .Values.env.secret.SECRET_KEY }}
-        {{- range $k, $v := .Values.env.normal }}
-          - name: {{ $k }}
-            value: {{ $v | quote }}
-        {{- end }}
-        envFrom:
-          - configMapRef:
-              name: {{ include "django.fullname" . }}
--- a/templates/web/deployment.yaml
+++ b/templates/web/deployment.yaml
@ -19,6 +19,9 @@ spec:
        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        tag: "{{ .Values.image.tag }}"
+        {{- if .Values.web.podAnnotations }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.web.podAnnotations "context" $ ) | nindent 8 }}
+        {{- end }}
      labels:
        {{- include "django.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: web
@ -68,14 +71,22 @@ spec:
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: {{ include "django.postgresql.fullname" . }}
+                  name: {{ default (include "django.postgresql.fullname" .) .Values.postgresql.auth.existingSecret }}
                  key: postgres-password
 {{- end }}
          envFrom:
            - secretRef:
                name: {{ include "django.fullname" . }}
+            {{- if .Values.existingSecret }}
+            - secretRef:
+                name: {{ .Values.existingSecret }}
+            {{- end }}
            - configMapRef:
                name: {{ include "django.fullname" . }}
+          {{- with .Values.extraVolumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
      {{- with .Values.web.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@ -88,3 +99,7 @@ spec:
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
+      {{- with .Values.extraVolumes }}
+      volumes:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
--- a/templates/web/hpa.yaml
+++ b/templates/web/hpa.yaml
@ -1,5 +1,5 @@
 {{- if .Values.web.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ template "django.fullname" . }}-web
@ -13,16 +13,20 @@ spec:
  minReplicas: {{ .Values.web.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.web.autoscaling.maxReplicas }}
  metrics:
-    {{- if .Values.web.autoscaling.targetCPUUtilizationPercentage }}
+    {{- if .Values.web.autoscaling.targetCPU }}
    - type: Resource
      resource:
        name: cpu
-        targetAverageUtilization: {{ .Values.web.autoscaling.targetCPUUtilizationPercentage }}
+        target:
+          type: "Utilization"
+          averageUtilization: {{ .Values.web.autoscaling.targetCPU }}
    {{- end }}
-    {{- if .Values.web.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- if .Values.web.autoscaling.targetMemory }}
    - type: Resource
      resource:
        name: memory
-        targetAverageUtilization: {{ .Values.web.autoscaling.targetMemoryUtilizationPercentage }}
+        target:
+          type: "Utilization"
+          averageUtilization: {{ .Values.web.autoscaling.targetMemory }}
    {{- end }}
 {{- end }}
--- a/templates/web/ingress.yaml
+++ b/templates/web/ingress.yaml
@ -46,6 +46,10 @@ spec:
            {{- if and .pathType (semverCompare ">=1.18-0" $.Capabilities.KubeVersion.GitVersion) }}
            pathType: {{ .pathType }}
            {{- end }}
+            {{- if .backend }}
+            backend:
+              {{- toYaml .backend | nindent 14 }}
+            {{- else }}
            backend:
              {{- if semverCompare ">=1.19-0" $.Capabilities.KubeVersion.GitVersion }}
              service:
@ -56,6 +60,7 @@ spec:
              serviceName: {{ $fullName }}
              servicePort: {{ $svcPort }}
              {{- end }}
+            {{- end }}
          {{- end }}
    {{- end }}
 {{- end }}
--- a/templates/worker/deployment.yaml
+++ b/templates/worker/deployment.yaml
@ -18,6 +18,9 @@ spec:
        checksum/secret: {{ include (print $.Template.BasePath "/secrets.yaml") . | sha256sum }}
        checksum/configmap: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
        tag: "{{ .Values.image.tag }}"
+        {{- if .Values.worker.podAnnotations }}
+        {{- include "common.tplvalues.render" ( dict "value" .Values.worker.podAnnotations "context" $ ) | nindent 8 }}
+        {{- end }}
      labels:
        {{- include "django.selectorLabels" . | nindent 8 }}
        app.kubernetes.io/component: worker
@ -26,6 +29,7 @@ spec:
      imagePullSecrets:
        {{- toYaml . | nindent 8 }}
    {{- end }}
+      serviceAccountName: {{ include "django.serviceAccountName" . }}
      securityContext:
        {{- toYaml .Values.podSecurityContext | nindent 8 }}
      containers:
@ -37,6 +41,10 @@ spec:
            {{- toYaml .Values.securityContext | nindent 12 }}
          image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}"
          imagePullPolicy: {{ .Values.image.pullPolicy }}
+          {{- if .Values.worker.livenessProbe }}
+          livenessProbe:
+            {{- .Values.worker.livenessProbe | toYaml | nindent 12 }}
+          {{- end }}
          resources:
            {{- toYaml .Values.worker.resources | nindent 12 }}
          env:
@ -46,14 +54,22 @@ spec:
            - name: DATABASE_PASSWORD
              valueFrom:
                secretKeyRef:
-                  name: {{ include "django.postgresql.fullname" . }}
+                  name: {{ default (include "django.postgresql.fullname" .) .Values.postgresql.auth.existingSecret }}
                  key: postgres-password
 {{- end }}
          envFrom:
            - secretRef:
                name: {{ include "django.fullname" . }}
+            {{- if .Values.existingSecret }}
+            - secretRef:
+                name: {{ .Values.existingSecret }}
+            {{- end }}
            - configMapRef:
                name: {{ include "django.fullname" . }}
+          {{- with .Values.extraVolumeMounts }}
+          volumeMounts:
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
      {{- with .Values.worker.nodeSelector }}
      nodeSelector:
        {{- toYaml . | nindent 8 }}
@ -66,4 +82,8 @@ spec:
      tolerations:
        {{- toYaml . | nindent 8 }}
    {{- end }}
+      {{- with .Values.extraVolumes }}
+      volumes:
+        {{- toYaml . | nindent 6 }}
+      {{- end }}
 {{- end }}
--- a/templates/worker/hpa.yaml
+++ b/templates/worker/hpa.yaml
@ -1,5 +1,5 @@
 {{- if .Values.worker.autoscaling.enabled -}}
-apiVersion: autoscaling/v2beta1
+apiVersion: autoscaling/v2
 kind: HorizontalPodAutoscaler
 metadata:
  name: {{ template "django.fullname" . }}-worker
@ -13,16 +13,20 @@ spec:
  minReplicas: {{ .Values.worker.autoscaling.minReplicas }}
  maxReplicas: {{ .Values.worker.autoscaling.maxReplicas }}
  metrics:
-    {{- if .Values.worker.autoscaling.targetCPUUtilizationPercentage }}
+    {{- if .Values.worker.autoscaling.targetCPU }}
    - type: Resource
      resource:
        name: cpu
-        targetAverageUtilization: {{ .Values.worker.autoscaling.targetCPUUtilizationPercentage }}
+        target:
+          type: "Utilization"
+          averageUtilization: {{ .Values.worker.autoscaling.targetCPU }}
    {{- end }}
-    {{- if .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}
+    {{- if .Values.worker.autoscaling.targetMemory }}
    - type: Resource
      resource:
        name: memory
-        targetAverageUtilization: {{ .Values.worker.autoscaling.targetMemoryUtilizationPercentage }}
+        target:
+          type: "Utilization"
+          averageUtilization: {{ .Values.worker.autoscaling.targetMemory }}
    {{- end }}
 {{- end }}
--- a/values.yaml
+++ b/values.yaml
@ -11,6 +11,14 @@ imagePullSecrets: []
 nameOverride: ""
 fullnameOverride: ""

+migrationJob:
+  enabled: true
+  command: []  # Default ./manage.py migrate
+  activeDeadlineSeconds: 900
+  resources:
+    limits: {}
+    requests: {}
+
 env:
  normal: {}
  secret: {}
@ -18,6 +26,10 @@ env:
    # DATABASE_URL:
    # REDIS_URL:

+existingSecret: ""
+extraVolumeMounts: []
+extraVolumes: []
+
 web:
  replicaCount: 2
  port: 8080
@ -39,6 +51,7 @@ web:
      memory: 128Mi
  nodeSelector: {}
  tolerations: []
+  podAnnotations: {}
  affinity: {}
    # podAntiAffinity:
    #   preferredDuringSchedulingIgnoredDuringExecution:
@ -90,6 +103,15 @@ worker:
    maxReplicas: 100
    targetCPUUtilizationPercentage: 90
    # targetMemoryUtilizationPercentage: 80
+  livenessProbe: {}
+    # initialDelaySeconds: 10
+    # periodSeconds: 60
+    # timeoutSeconds: 30
+    # exec:
+    #   command:
+    #     - "bash"
+    #     - "-c"
+    #     - "celery -A django inspect ping -d celery@$HOSTNAME | grep -q OK"
  resources:
    limits:
      cpu: 900m
@ -99,10 +121,58 @@ worker:
      memory: 128Mi
  nodeSelector: {}
  tolerations: []
+  podAnnotations: {}
  affinity: {}

 beat:
  enabled: true
+  resources:
+    limits:
+      cpu: 100m
+      memory: 120Mi
+    requests:
+      cpu: 1m
+      memory: 90Mi
+  nodeSelector: {}
+  tolerations: []
+  podAnnotations: {}
+  affinity: {}
+
+flower:
+  enabled: false
+  image:
+    repository: mher/flower
+    tag: latest
+    pullPolicy: IfNotPresent
+  resources:
+    limits:
+      cpu: 500m
+      memory: 512Mi
+    requests:
+      cpu: 50m
+      memory: 256Mi
+  nodeSelector: {}
+  tolerations: []
+  podAnnotations: {}
+  affinity: {}
+  service:
+    type: ClusterIP
+    port: 80
+  ingress:
+    enabled: false
+    annotations:
+      {}
+      # kubernetes.io/ingress.class: nginx
+      # kubernetes.io/tls-acme: "true"
+    hosts:
+      - host: chart-example.local
+        paths:
+          - path: /
+            pathType: ImplementationSpecific
+    tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local

 serviceAccount:
  # Specifies whether a service account should be created
@ -124,4 +194,6 @@ redis:
 # Default to disabled, use a managed database service. But can be enabled here.
 postgresql:
  enabled: false
-  postgresqlPassword: # Must be set
+  #auth:
+  #  postgresqlPassword: # Must be set
+
Author	SHA1	Message	Date
Kevin Alberts	4c7256e5c9	Make environment of migrate job identical to the regular web container deployment, as it should be.	2024-09-06 12:10:50 +00:00
David Burke	74288199f6	See changelog	2024-07-15 16:11:52 -04:00
David Burke	af39eedea8	Merge branch 'UltherEgo-master-patch-92170' into 'master' Added the declaration of resources in pre-install-job.yaml See merge request burke-software/django-helm-chart!10	2024-07-15 14:45:24 +00:00
UltherEgo	8f7dcc0a74	Added the declaration of resources in pre-install-job.yaml	2024-07-15 14:45:24 +00:00
David Burke	8358d4a9f6	Merge branch 'melanger-master-patch-69344' into 'master' fix: add security context to pre-install-job See merge request burke-software/django-helm-chart!16	2024-07-15 14:27:26 +00:00
David Burke	c025d66347	Merge branch 'service-account-for-pre-install-job' into 'master' Add ServiceAccount to pre-install-job See merge request burke-software/django-helm-chart!18	2024-07-15 14:26:22 +00:00
Tim Bromm	e07bd0e7ce	add ServiceAccount to pre-install-job template	2024-05-23 09:50:12 +00:00
melanger	85fa6fb881	fix: add security context to pre-install-job	2024-04-04 08:18:58 +00:00
David Burke	0d5921af5e	Merge branch 'flower-docker' into 'master' Default to mher/flower See merge request burke-software/django-helm-chart!9	2023-10-04 13:24:40 +00:00
David Burke	0198481d94	Use default values for flower image	2023-10-04 09:24:09 -04:00
David Burke	78eb71eb37	Use upstream flower docker image	2023-10-03 21:19:35 -04:00
David Burke	3099e678fc	Allow more configuration of celery liveness probe	2023-05-19 10:40:39 -04:00
David Burke	466648631f	Wrong bash syntax	2023-04-20 21:05:05 -04:00
David Burke	ab1ff087d2	Add optional celery liveness check	2023-04-20 20:34:16 -04:00
David Burke	01748f59da	0.3.1	2023-02-22 20:27:09 -05:00
David Burke	95717ec228	Add bitnami style podAnnotations	2023-02-20 10:57:45 -05:00
David Burke	98f6e139ee	Merge branch 'service-account-for-worker' into 'master' Adds setting of a service account for the worker. See merge request burke-software/django-helm-chart!7	2023-01-16 21:59:51 +00:00
Hannah Rittich	72573d978c	Adds setting of a service account for the worker.	2023-01-16 13:15:40 +01:00
David Burke	82b457b9da	Add values for flower	2023-01-14 16:25:17 -05:00
David Burke	bad619b441	Add flower ingress and port	2023-01-14 16:24:15 -05:00
David Burke	0e92508ac3	Add flower (disabled by default)	2023-01-13 16:03:38 -05:00
David Burke	7144d26954	Update hpa version	2022-12-23 10:21:07 -05:00
David Burke	788906385b	Add options to pre-install job	2022-11-29 20:56:01 -05:00
David Burke	ccfcb1bc23	Update dependencies	2022-11-17 10:22:38 -05:00
David Burke	ae6a678c8e	Merge branch 'master' into 'master' Add existingSecret option, align postgres PW handling See merge request burke-software/django-helm-chart!6	2022-11-17 14:38:44 +00:00
c4tz	2fc2751d75	add existingSecret option, align postgres PW handling	2022-11-16 15:22:32 +01:00
David Burke	9960f52561	Specify beat resources	2022-08-24 14:25:24 -04:00
David Burke	44ed6ba81f	Make beat resources configurable	2022-08-24 14:18:10 -04:00
David Burke	383f70c898	Allow (optional) customizing ingress backend	2022-08-19 11:06:40 -04:00
David Burke	bd023cd048	Update chart depends	2022-08-17 15:47:45 -04:00
David Burke	e55c49432c	Merge branch 'master' into 'master' env.normal should override chart defined variables See merge request burke-software/django-helm-chart!5	2022-07-21 14:15:44 +00:00
martin milon	c50bfb5650	env.normal should override chart defined variables	2022-07-21 14:15:43 +00:00
David Burke	d53f3f209d	Update README.md to be more clear that I'm not providing you with free support and you should fork this repo instead of opening feature requests for features I don't care about.	2022-07-20 14:25:49 +00:00
David Burke	efb78f81f9	Merge branch 'ddelange1-ddelange1-master-patch-27815-patch-19645' into 'master' Fix indentation for beat See merge request burke-software/django-helm-chart!4	2022-07-20 14:03:13 +00:00
ddelange	0b34aa7469	Fix indentation for beat	2022-07-20 14:03:13 +00:00
David Burke	b574d0dcf7	Update the chart version, not the app version	2022-07-19 20:59:12 -04:00
David Burke	62e9c0cb4c	Update chart dependencies	2022-07-19 20:55:29 -04:00
David Burke	4c288dd31b	Merge branch 'ddelange1-master-patch-27815' into 'master' Add nodeSelector, tolerations, affinity to beat See merge request burke-software/django-helm-chart!3	2022-07-20 00:52:19 +00:00
ddelange	7973dd906d	Add nodeSelector, tolerations, affinity to beat	2022-07-20 00:52:19 +00:00