stakater / application Goto Github PK

Hello

it would be more beneficial if you would add the changelog together with the release, as it is quite difficult to understand what was the latest changes in a single view.

Thanks

Enforce requests & limits in the deployments

livenessProbe:
  initialDelaySeconds: 15
  timeoutSeconds: 5
  periodSeconds: 30
  successThreshold: 1
  failureThreshold: 5

readinessProbe:
  initialDelaySeconds: 15
  timeoutSeconds: 5
  periodSeconds: 30
  successThreshold: 1
  failureThreshold: 5

Add support to override env variables

e.g.

This will enforce/ensure that our Reloader is used by default

{{if .Values.reloadOnChange}} 
  annotations:
    configmap.reloader.stakater.com/reload: {{ template "stakater-app.appname" . }}
    secret.reloader.stakater.com/reload: {{ template "stakater-app.appname" . }}
{{end}}

Add HPA resource and document as well

Pods can be slow when creating, updating, or deleting because old objects are still tracked in the cluster. You can reduce the revisionHistoryLimit of deployments to cleanup older ReplicaSets which will lower to total amount of objects tracked by the Kubernetes Controller Manager. The default history limit for Deployments in 10.

Our recommended value should be 2 and not more

According to https://docs.renovatebot.com/modules/manager/helm-values/#additional-information the values.yaml need to be structured like this for it to pick up the values:

image:
  repository: 'some-docker/dependency'
  tag: v1.0.0
  registry: registry.example.com # optional key, will default to "docker.io"

Hello

It would be easier for 3rd party people, if you would separate the README and the CHANGELOG into their own files.

Thanks

Hi

In the .yaml for this configuration it is written in plural, but in the README.md you wrote it as singular.

Please update to avoid misunderstanding.

Thanks.

With docker image tags like...

deployment:
  image:
    tag: latest@sha256:f2a9d619483d11cd8b2f12be2bc4fb1cc9b7a4e01295b8ba52d4aea54f528556

the chart renders invalid appVersion labels:

metadata.labels: Invalid value: \"latest@sha256:f2a9d619483d11cd8b2f12be2bc4fb1cc9b7a4e01295b8ba5\":
a valid label must be an empty string or consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyValue',  or 'my_value',  or '12345', regex used for validation is '(([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9])?')

Would it be possible to trim everything after "@" or maybe support an optional applicationVersion parameter?

I can create a pull request if necessary. Thanks for the great helm chart btw!

https://docs.bitnami.com/tutorials/production-ready-charts/#use-non-root-containers

In order to make your Helm chart work with non-root containers, add the securityContext section to your yaml files.

e.g.

spec:
  {{- if .Values.securityContext.enabled }}
  securityContext:
    fsGroup: {{ .Values.securityContext.fsGroup }}
  {{- end }}

Add these common recommended common labels

    app.kubernetes.io/name: mysql
    app.kubernetes.io/instance: mysql-abcxzy
    app.kubernetes.io/version: "5.7.21"
    app.kubernetes.io/component: database
    app.kubernetes.io/part-of: wordpress
    app.kubernetes.io/managed-by: helm

https://kubernetes.io/docs/concepts/overview/working-with-objects/common-labels/

The pipeline is broken and needs to be fixed

[Pipeline] sh
+ chmod 600 /root/.ssh-git/ssh-key
chmod: changing permissions of '/root/.ssh-git/ssh-key': Read-only file system

Add config in service to set ClusterIP to None for headless service setup.

We should add .Capabilities.APIVersions.Has to non k8s core resources

https://github.com/stakater/application/blob/master/application/values.yaml#L213-L220

• reduce to 10m
• reduce to 50MB

and set same limits

Scenarios to test endpointmonitor creation:

1. Works when both ingress and route are enabled
2. When ingress is enabled
3. When route is enabled
4. But if none is enable then it doesn’t create the endpointmonitor

Add support for grafana dashboard

There should be possibility to override namespace like this

{{/*
Allow the release namespace to be overridden
*/}}
{{- define "rabbitmq-operator.namespace" -}}
{{- default .Release.Namespace .Values.namespaceOverride -}}
{{- end -}}

Change from apiVersion: apps/v1beta1 to apiVersion: apps/v1

Rename the file from routes.yaml to route.yaml

We use the flag name enabled for all resources except rbac in which we have called it create; so, for harmony perspective we should rename it to enabled as well

Jenkinsfile is broken and new changes aren't released anymore

Please add a license file and clearify which software license the code is under (e.g. MIT).

As these applications are namespace'd scope; we should remove the cluster level resources like ClusterRole and ClusterRoleBinding

This chart should only support creation of resources which are only namespace scoped

There are some tools out there to automatically generate helm chart documentation from the values and comments. It would ensure we don't miss any entries and enforce comments in the value file.

Add VPA manifest; and I would like it to be always running in recommendation mode and document it as well

In this example, you create a VerticalPodAutoscaler that has an updateMode of "Off". Then you create a Deployment that has two Pods, each of which has one container. When the Pods are created, the VerticalPodAutoscaler analyzes the CPU and memory needs of the containers and records those recommendations in its status field. The VerticalPodAutoscaler does not take any action to update the resource requests for the running containers.

Here is a manifest for the VerticalPodAutoscaler:

apiVersion: autoscaling.k8s.io/v1
kind: VerticalPodAutoscaler
metadata:
  name: my-rec-vpa
spec:
  targetRef:
    apiVersion: "apps/v1"
    kind:       Deployment
    name:       my-rec-deployment
  updatePolicy:
    updateMode: "Off"

Here is a manifest for the Deployment:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: my-rec-deployment
spec:
  replicas: 2
  selector:
    matchLabels:
      app: my-rec-deployment
  template:
    metadata:
      labels:
        app: my-rec-deployment
    spec:
      containers:
      - name: my-rec-container
        image: nginx

In the manifest, you can see that there are no CPU or memory requests. You can also see that the Pods in the Deployment belong to the VerticalPodAutoscaler, because it points to the target of kind: Deployment and name: my-rec-deployment.

The output shows recommendations for CPU and memory requests:

...
  recommendation:
    containerRecommendations:
    - containerName: my-rec-container
      lowerBound:
        cpu: 25m
        memory: 262144k
      target:
        cpu: 25m
        memory: 262144k
      upperBound:
        cpu: 7931m
        memory: 8291500k
...

remove namespace from chart

Add support for external secrets

need to enforce setting of:

• readiness probe
• liveness probe

if not specified then default values should be applied

Add a thorough ReadMe which explains all components of charts and their fields

Look this one for example: https://github.com/rht-labs/helm-charts/tree/master/charts/sonarqube#sonarqube

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Ignored or Blocked

These are blocked by an existing closed PR and will not be recreated unless you click a checkbox below.

• Update azure/setup-kubectl action to v4

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

I'd like to see automatic release and changelog updates in such a simple repository.
You can see an example implementation using semantic-release in this repository https://github.com/aslafy-z/helm-git. semantic-release also knowns how to maintain a CHANGELOG.md like you do in this repository.
There is also pre-packaged GitHub Actions to run, such as: https://github.com/marketplace/actions/action-for-semantic-release.
What do you think?

Thoroughly document in readme how to do local development and validation

Currently the path is hardcoded to / but there should be possibility to provide different path

Add three mandatory labels to every manifest

• application
• team
• version

optional forecastle manifest

We should review these labels; as some of them are static and don't make sense

  labels:
    app: review
    app.kubernetes.io/instance: gabbar-dev-stakater-nordmart-review
    release: gabbar-dev-stakater-nordmart-review
    provider: stakater
    appVersion: 1.0.43
    team: stakater
    chart: application-1.1.14
    heritage: Helm
    appCategory: backend
    group: com.stakater.platform

We can remove these:

• provider: stakater
• team: stakater

And have different names for others

Setting space value to true by mistake can result in destructive action; so, we should remove space from the application chart

As space controls namespace; so, deleting a space deletes namespace; and learned hard way that it's very dangerous to have space in application chart

Space/namespace should be handled via separate chart or some other mechanism

Need to ensure we bump minor version

Change email to [email protected]

https://docs.cloud.stakater.com/content/sre/monitoring/app-alerts.html#creating-application-alerts-to-monitor-application-workloads

Add service monitor and document as well

e.g.

{{- if .Values.servicemonitor.enabled -}}
{{- $port := .Values.service.port -}}
apiVersion: monitoring.coreos.com/v1
kind: ServiceMonitor
metadata:
  labels:
    app: {{ template "stakater-app.appname" . }}
    team: {{ required "A valid .Values.team entry required!" .Values.team }}
    app-version: {{ template "stakater-app.appversion" . }}
    chart: {{ template "stakater-app.chart" . }}
    heritage: {{ .Release.Service }}
    k8s-app: {{ template "stakater-app.appname" . }}
  name: {{ template "stakater-app.appname" . }}
  namespace: {{ .Values.servicemonitor.namespace }}
spec:
  endpoints:
  - interval: 10s
    path: /admin/prometheus
    port: {{ $port }}-tcp
    scheme: {{ .Values.service.scheme }}
    tlsConfig:
      insecureSkipVerify: true
  jobLabel: k8s-app
  namespaceSelector:
    matchNames:
    - {{ .Release.Namespace }}
  selector:
    matchLabels:
      app: {{ template "stakater-app.appname" . }}
{{- end }}

Currently, the checkout action in the unittests job of our GitHub Actions workflow is not actually running tests from the pull request head, instead running the ones on their base branch, master.

This leads to PRs that break unit tests passing the status check.

Enhance the structure and readability of values.yaml file

Update and merge this PR

https://github.com/stakater-charts/application/pull/11/files

Default Application doesn't run until Service Account is created.

applicationName: "tiny"
deployment:
  image:
    repository: travix/tinyproxy
    tag: latest

The above config kept on failing at replica set level.

Issues making it difficult to use in start.

• No error when deploying, but pods won't come up.
• Not a single example on Homepage which can be copy pasted and run. Eg. (Sample Nginx)