Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ref: microbin #1396

Merged
merged 1 commit into from
Sep 25, 2024
Merged

ref: microbin #1396

merged 1 commit into from
Sep 25, 2024

Conversation

axeII
Copy link
Owner

@axeII axeII commented Sep 24, 2024

Description of the change

refactors microbin to helm chart version 3.4.0 also moves it to external ingress class.

@bot-akira
Copy link
Contributor

bot-akira bot commented Sep 24, 2024 

--- kubernetes/apps/default/microbin/app Kustomization: flux-system/cluster-apps-microbin HelmRelease: default/microbin

+++ kubernetes/apps/default/microbin/app Kustomization: flux-system/cluster-apps-microbin HelmRelease: default/microbin

@@ -12,63 +12,76 @@

     spec:
       chart: app-template
       sourceRef:
         kind: HelmRepository
         name: bjw-s-charts
         namespace: flux-system
-      version: 1.5.1
-  install:
-    createNamespace: true
-    remediation:
-      retries: 5
-  interval: 15m
-  upgrade:
-    remediation:
-      retries: 5
+      version: 3.4.0
   values:
-    controller:
-      annotations:
-        reloader.stakater.com/auto: 'true'
-      type: statefulset
-    env:
-      MICROBIN_DATA_DIR: /var/lib/microbin
-      MICROBIN_PORT: '80'
-      MICROBIN_PUBLIC_PATH: https://pastebin...PLACEHOLDER..
-    envfrom:
-    - secretRef:
-        name: microbin-secret
-    fullNameOverride: microbin
-    image:
-      repository: docker.io/danielszabo99/microbin
-      tag: 2.0.4@sha256:c5bd4643135540a68a2846950fe4f65f3bcc94b62ed7c7644e563dfde6f1732c
+    controllers:
+      microbin:
+        containers:
+          app:
+            env:
+              MICROBIN_DATA_DIR: /var/lib/microbin
+              MICROBIN_PORT: '80'
+              MICROBIN_PUBLIC_PATH: https://pastebin...PLACEHOLDER..
+            envFrom:
+            - secretRef:
+                name: microbin-secret
+            image:
+              repository: ghcr.io/vaskozl/microbin-bin
+              tag: 2.0.4@sha256:0b6bd97aafff7c54c66611f3428218314f191594f8c4a4836b54b16b6a1b3689
+            probes:
+              liveness:
+                enabled: true
+              readiness:
+                enabled: true
+            resources:
+              limits:
+                memory: 80Mi
+              requests:
+                cpu: 10m
+                memory: 10Mi
+            securityContext:
+              allowPrivilegeEscalation: false
+              capabilities:
+                drop:
+                - ALL
+              readOnlyRootFilesystem: true
+        statefulset:
+          podManagementPolicy: Parallel
+          volumeClaimTemplates:
+          - accessMode: ReadWriteOnce
+            globalMounts:
+            - name: data
+              path: /var/lib/microbin
+              size: 1Mi
+        type: statefulset
+    defaultPodOptions:
+      securityContext:
+        fsGroup: 1000
+        runAsGroup: 1000
+        runAsNonRoot: true
+        runAsUser: 1000
+        seccompProfile:
+          type: RuntimeDefault
     ingress:
-      main:
-        annotations:
-          gatus.io/enabled: 'true'
-          hajimari.io/icon: simple-icons:pastebin
-        enabled: true
+      app:
+        className: external
         hosts:
         - host: pastebin...PLACEHOLDER..
           paths:
           - path: /
-            pathType: Prefix
-        ingressClassName: internal
+            service:
+              identifier: app
+              port: http
         tls:
         - hosts:
           - pastebin...PLACEHOLDER..
-    resources:
-      limits:
-        memory: 250Mi
-      requests:
-        cpu: 5m
-        memory: 50Mi
     service:
-      main:
+      app:
+        controller: microbin
         ports:
           http:
             port: 80
-    volumeClaimTemplates:
-    - accessMode: ReadWriteOnce
-      mountPath: /var/lib/microbin
-      name: data
-      size: 1Mi
 
--- kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cluster-apps-microbin

+++ kubernetes/apps Kustomization: flux-system/cluster-apps Kustomization: flux-system/cluster-apps-microbin

@@ -9,17 +9,12 @@

   namespace: flux-system
 spec:
   decryption:
     provider: sops
     secretRef:
       name: sops-age
-  healthChecks:
-  - apiVersion: helm.toolkit.fluxcd.io/v2beta1
-    kind: HelmRelease
-    name: microbin
-    namespace: default
   interval: 30m
   path: ./kubernetes/apps/default/microbin/app
   postBuild:
     substituteFrom:
     - kind: ConfigMap
       name: cluster-settings
@@ -27,8 +22,10 @@

       name: cluster-secrets
   prune: true
   retryInterval: 1m
   sourceRef:
     kind: GitRepository
     name: home-kubernetes
-  timeout: 3m
+  targetNamespace: default
+  timeout: 15m
+  wait: true

@axeII
Copy link
Owner Author

axeII commented Sep 24, 2024

🦙 MegaLinter status: ✅ SUCCESS

Descriptor Linter Files Fixed Errors Elapsed time

See detailed report in MegaLinter reports
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

MegaLinter is graciously provided by OX Security

@axeII axeII changed the title Update microbin app helmrelease.yaml and ks.yaml ref: microbin Sep 25, 2024
@axeII axeII merged commit 078a865 into main Sep 25, 2024
5 of 8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
area/kubernetes
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@axeII