From e5face3ab4728cf140d5d4757f08858b61255b67 Mon Sep 17 00:00:00 2001 From: Oussama Miladi <35038682+omiladi@users.noreply.github.com> Date: Thu, 9 Apr 2026 15:55:00 +0200 Subject: [PATCH 1/2] feat: use static version for helm charts --- .../templates/console/values/00-main.j2 | 3 +++ roles/socle-config/files/config.yaml | 3 --- .../socle-config/files/cr-conf-dso-default.yaml | 1 - roles/socle-config/files/releases.yaml | 17 +++++++---------- roles/socle-config/templates/crd-conf-dso.yaml | 17 ----------------- 5 files changed, 10 insertions(+), 31 deletions(-) diff --git a/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 b/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 index 989a58cff..b0f094fa6 100644 --- a/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 +++ b/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 @@ -159,6 +159,9 @@ console: envFrom: - secretRef: name: dso-config + env: + DSO_NS_CHART_VERSION: "dso-ns-1.1.5" + DSO_ENV_CHART_VERSION: "dso-env-1.7.0" {% if dsc.observatorium.installEnabled %} env: DSO_OBSERVABILITY_CHART_VERSION: {{ dsc.observatorium.observabilityChartVersion | quote }} diff --git a/roles/socle-config/files/config.yaml b/roles/socle-config/files/config.yaml index 264660f43..68590170b 100644 --- a/roles/socle-config/files/config.yaml +++ b/roles/socle-config/files/config.yaml @@ -52,9 +52,6 @@ spec: cpnAnsibleJob: helmRepoUrl: https://cloud-pi-native.github.io/helm-charts values: {} - cpnIntegrationTestJob: - helmRepoUrl: https://cloud-pi-native.github.io/helm-charts - values: {} gitlab: installEnabled: true namespace: dso-gitlab diff --git a/roles/socle-config/files/cr-conf-dso-default.yaml b/roles/socle-config/files/cr-conf-dso-default.yaml index 7e5066d9b..6f867b3f6 100644 --- a/roles/socle-config/files/cr-conf-dso-default.yaml +++ b/roles/socle-config/files/cr-conf-dso-default.yaml 
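Review bot: In the `00-main.j2` hunk the added `env:` key sits directly above the existing `{% if dsc.observatorium.installEnabled %}` block, which opens an `env:` of its own, so with observatorium enabled the rendered values appear to carry two `env:` keys in the same mapping (indentation is lost on this page, so the nesting is inferred). Most YAML loaders keep the last duplicate without complaint, which would silently drop `DSO_NS_CHART_VERSION` and `DSO_ENV_CHART_VERSION`. Keep a single `env:` ahead of the conditional and leave only the observatorium entries inside it, so this commit renders correctly on its own. The two versions are also literals in the template, whereas this same patch pins the other chart versions in `releases.yaml`; a comment such as `# keep in sync with the dso-ns / dso-env chart releases` would flag that they need a manual bump. The enclosing mapping starts and ends outside the hunk.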
@@ -64,7 +64,6 @@ spec: cloudnativepg: {} console: {} cpnAnsibleJob: {} - cpnIntegrationTestJob: {} gitlab: {} glexporter: {} gitlabOperator: {} diff --git a/roles/socle-config/files/releases.yaml b/roles/socle-config/files/releases.yaml index f35f910f1..e6a946979 100644 --- a/roles/socle-config/files/releases.yaml +++ b/roles/socle-config/files/releases.yaml @@ -7,7 +7,7 @@ spec: # https://artifacthub.io/packages/helm/argo/argo-cd chartVersion: 8.5.6 # https://github.com/cloud-pi-native/helm-charts/tree/main/charts/dso-argocd-zone - zoneChartVersion: ">=1.0.0 <2.0.0" + zoneChartVersion: "1.0.5" argocdInfra: # https://artifacthub.io/packages/helm/argo/argo-cd chartVersion: 8.5.6 @@ -28,13 +28,10 @@ spec: chartVersion: "0.27.0" console: # https://github.com/cloud-pi-native/console/releases - chartVersion: ">=2.0.0 <3.0.0" + chartVersion: 2.3.5 cpnAnsibleJob: # https://github.com/cloud-pi-native/helm-charts/releases - chartVersion: ">=1.0.0 <2.0.0" - cpnIntegrationTestJob: - # https://github.com/cloud-pi-native/helm-charts/releases - chartVersion: ">=1.0.0 <2.0.0" + chartVersion: "1.1.0" gitlab: # https://artifacthub.io/packages/helm/gitlab/gitlab chartVersion: "9.4.1" @@ -57,7 +54,7 @@ spec: # https://github.com/grafana/grafana/tags imageVersion: "10.4.3" # https://github.com/cloud-pi-native/helm-charts/tags - chartVersion: ">=1.0.0 <2.0.0" + chartVersion: "1.7.0" harbor: # https://artifacthub.io/packages/helm/harbor/harbor chartVersion: 1.16.0 
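Review bot: `chartVersion: 2.3.5` under `console` in `releases.yaml` is left as a plain scalar, while the other pins this patch introduces are quoted (`"1.0.5"`, `"1.1.0"`, `"1.7.0"`). It loads as a string today only because of the two dots, so it is one edit away from implicit typing; write `chartVersion: "2.3.5"` to match. With the ranges replaced by exact pins, patch releases are no longer picked up automatically, so a short comment at the top of the file on how and when these pins are bumped would help whoever handles the next chart security update.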
@@ -75,11 +72,11 @@ spec: chartVersion: 5.14.0 observatorium: # https://github.com/cloud-pi-native/helm-charts/tags - chartVersion: ">=0.0.0 <1.0.0" + chartVersion: "0.5.4" # https://github.com/cloud-pi-native/helm-charts/tags - observabilityChartVersion: ">=0.0.0 <1.0.0" + observabilityChartVersion: "0.1.8" # https://github.com/cloud-pi-native/helm-charts/tags - observabilityPluginVersion: "v1.2.0" + observabilityPluginVersion: "v1.2.1" sonarqube: # https://artifacthub.io/packages/helm/sonarqube/sonarqube chartVersion: 10.8.1 diff --git a/roles/socle-config/templates/crd-conf-dso.yaml b/roles/socle-config/templates/crd-conf-dso.yaml index e8fdee72b..c6feb57ec 100644 --- a/roles/socle-config/templates/crd-conf-dso.yaml +++ b/roles/socle-config/templates/crd-conf-dso.yaml @@ -460,23 +460,6 @@ spec: type: object x-kubernetes-preserve-unknown-fields: true type: object - cpnIntegrationTestJob: - description: Configuration for cpn-job. - properties: - helmRepoUrl: - description: Cloud-Pi-Native helm repository url. - type: string - chartVersion: - description: Cloud-Pi-Native helm chart version (e.g., "1.0.0"). - type: string - values: - description: | - You can add custom values for cpn-job, they will be merged with roles/gitops/rendering-apps-files/ - https://github.com/cloud-pi-native/helm-charts/blob/main/charts/dso-job - https://github.com/cloud-pi-native/helm-charts/blob/main/charts/dso-job/values.yaml - type: object - x-kubernetes-preserve-unknown-fields: true - type: object gitlab: description: Configuration for GitLab. properties: From cb2c50285f78b3b8168d0546b4b704946e33220f Mon Sep 17 00:00:00 2001 
From: Oussama Miladi <35038682+omiladi@users.noreply.github.com> Date: Thu, 9 Apr 2026 16:57:01 +0200 Subject: [PATCH 2/2] feat: add backend and strangler config to the console app --- .../templates/console/values/00-main.j2 | 114 +++--------------- .../templates/console/values/10-affinity.j2 | 24 ++++ .../templates/console/values/10-exposed-ca.j2 | 4 + .../templates/console/values/10-profile.j2 | 24 ++++ .../templates/console/values/10-proxy.j2 | 10 ++ .../templates/console/values/10-registry.j2 | 6 + 6 files changed, 82 insertions(+), 100 deletions(-) diff --git a/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 b/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 index b0f094fa6..825d5a994 100644 --- a/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 +++ b/roles/gitops/rendering-apps-files/templates/console/values/00-main.j2 @@ -40,9 +40,6 @@ console: backend: "{{ dsc.keycloak.subDomain }}.{{ dsc.keycloak.namespace }}.svc.cluster.local" frontend: "" realm: {{ dsc.keycloak.applicationRealm }} - protocol: - backend: "http" - frontend: "https" clientIds: backend: "console-backend" frontend: "console-frontend" 
@@ -60,110 +57,27 @@ console: - annotations: {{ dsc.ingress.annotations }} labels: {{ dsc.ingress.labels }} - client: - replicaCount: 1 - container: - port: 8080 - healthcheckPath: "/" - strategy: - type: "RollingUpdate" - startupProbe: - enabled: true - initialDelaySeconds: 0 - successThreshold: 1 - failureThreshold: 10 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - enabled: true - initialDelaySeconds: 15 - successThreshold: 2 - failureThreshold: 2 - periodSeconds: 10 - timeoutSeconds: 5 - livenessProbe: - enabled: true - initialDelaySeconds: 30 - successThreshold: 1 - failureThreshold: 3 - periodSeconds: 30 - timeoutSeconds: 5 - service: - type: "ClusterIP" - port: 80 - resources: - requests: - memory: "128Mi" - cpu: "250m" - limits: - memory: "512Mi" - cpu: "500m" - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 3 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 server: - replicaCount: 1 - container: - port: 8080 - healthcheckPath: "/api/v1/healthz" - strategy: - type: "RollingUpdate" - startupProbe: - enabled: true - initialDelaySeconds: 0 - successThreshold: 1 - failureThreshold: 10 - periodSeconds: 10 - timeoutSeconds: 5 - readinessProbe: - enabled: true - initialDelaySeconds: 15 - successThreshold: 2 - failureThreshold: 2 - periodSeconds: 10 - timeoutSeconds: 5 - livenessProbe: - enabled: true - initialDelaySeconds: 30 - successThreshold: 1 - failureThreshold: 3 - periodSeconds: 30 - timeoutSeconds: 5 - extraCa: - name: "" - key: "" - mountSubPath: "ca_certs" - service: - type: "ClusterIP" - port: 80 - disabledPlugins: "" - resources: - requests: - memory: "128Mi" - cpu: "250m" - limits: - memory: "512Mi" - cpu: "500m" - autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 3 - targetCPUUtilizationPercentage: 80 - targetMemoryUtilizationPercentage: 80 - serviceAccount: - create: true - name: "cpn-console-server" envFrom: - secretRef: name: dso-config env: - DSO_NS_CHART_VERSION: "dso-ns-1.1.5" - 
DSO_ENV_CHART_VERSION: "dso-env-1.7.0" + DSO_NS_CHART_VERSION: "1.1.5" + DSO_ENV_CHART_VERSION: "1.7.0" {% if dsc.observatorium.installEnabled %} + DSO_OBSERVABILITY_CHART_VERSION: {{ dsc.observatorium.observabilityChartVersion | quote }} + GRAFANA_URL: https:// + plugins: + - https://github.com/cloud-pi-native/console-plugin-observability/releases/download/{{ dsc.observatorium.observabilityPluginVersion }}/build-artifact.zip +{% endif %} + backend: + envFrom: + - secretRef: + name: dso-config env: + DSO_NS_CHART_VERSION: "1.1.5" + DSO_ENV_CHART_VERSION: "1.7.0" +{% if dsc.observatorium.installEnabled %} DSO_OBSERVABILITY_CHART_VERSION: {{ dsc.observatorium.observabilityChartVersion | quote }} GRAFANA_URL: https:// plugins: diff --git a/roles/gitops/rendering-apps-files/templates/console/values/10-affinity.j2 b/roles/gitops/rendering-apps-files/templates/console/values/10-affinity.j2 index 0f77698c9..bf0c8b264 100644 --- a/roles/gitops/rendering-apps-files/templates/console/values/10-affinity.j2 +++ b/roles/gitops/rendering-apps-files/templates/console/values/10-affinity.j2 
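Review bot: The new `backend` block repeats `server`'s `plugins:` entry, which pulls `build-artifact.zip` from a GitHub release URL addressed only by `dsc.observatorium.observabilityPluginVersion`; no checksum or digest is visible in this hunk, and both workloads also receive the whole `dso-config` secret through `envFrom`. A release asset behind a tag can be replaced after publication, so the version pin alone does not fix which code ends up loaded next to those credentials. If the console chart accepts an integrity value for plugins (not visible here), set it; otherwise add a comment above the list such as `# plugin archive is pinned by tag only; verify its checksum before bumping observabilityPluginVersion`. The `server` and `backend` blocks are otherwise identical, including the literals `"1.1.5"` and `"1.7.0"`, so a single Jinja variable or macro would keep the four copies from drifting apart.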
@@ -22,3 +22,27 @@ console: app.kubernetes.io/instance: {{ dsc.global.gitOps.envName }}-{{ dsc.console.namespace }} app.kubernetes.io/name: {{ dsc_name }}-cpn-console-server topologyKey: kubernetes.io/hostname + + strangler: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ dsc.global.gitOps.envName }}-{{ dsc.console.namespace }} + app.kubernetes.io/name: {{ dsc_name }}-cpn-console-server + topologyKey: kubernetes.io/hostname + + backend: + affinity: + podAntiAffinity: + preferredDuringSchedulingIgnoredDuringExecution: + - weight: 100 + podAffinityTerm: + labelSelector: + matchLabels: + app.kubernetes.io/instance: {{ dsc.global.gitOps.envName }}-{{ dsc.console.namespace }} + app.kubernetes.io/name: {{ dsc_name }}-cpn-console-server + topologyKey: kubernetes.io/hostname diff --git a/roles/gitops/rendering-apps-files/templates/console/values/10-exposed-ca.j2 b/roles/gitops/rendering-apps-files/templates/console/values/10-exposed-ca.j2 index 8eaa73db3..56de96b01 100644 --- a/roles/gitops/rendering-apps-files/templates/console/values/10-exposed-ca.j2 +++ b/roles/gitops/rendering-apps-files/templates/console/values/10-exposed-ca.j2 @@ -4,4 +4,8 @@ console: extraCa: name: bundle key: ca.pem + backend: + extraCa: + name: bundle + key: ca.pem {% endif %} \ No newline at end of file diff --git a/roles/gitops/rendering-apps-files/templates/console/values/10-profile.j2 b/roles/gitops/rendering-apps-files/templates/console/values/10-profile.j2 index fc648884e..878e3c7e8 100644 --- a/roles/gitops/rendering-apps-files/templates/console/values/10-profile.j2 +++ b/roles/gitops/rendering-apps-files/templates/console/values/10-profile.j2 
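Review bot: Both blocks added in `10-affinity.j2`, `strangler` and `backend`, select on `app.kubernetes.io/name: {{ dsc_name }}-cpn-console-server`, the same value as the rule in the context lines above them. As written, the anti-affinity steers these pods away from nodes running the server instead of spreading each component's own replicas, which looks like a copy-paste leftover. If that is not intended, each selector should match the label its own workload carries, for example `app.kubernetes.io/name: {{ dsc_name }}-cpn-console-backend` (constructed name). The labels the chart actually sets for the new workloads are not visible here, so confirm them against the chart first.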
@@ -11,6 +11,18 @@ console: runAsUser: 1001 seccompProfile: type: RuntimeDefault + + backend: + container: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 1000 + seccompProfile: + type: RuntimeDefault server: container: @@ -23,4 +35,16 @@ console: runAsUser: 1000 seccompProfile: type: RuntimeDefault + + strangler: + container: + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: + - ALL + runAsNonRoot: true + runAsUser: 101 + seccompProfile: + type: RuntimeDefault {% endif %} diff --git a/roles/gitops/rendering-apps-files/templates/console/values/10-proxy.j2 b/roles/gitops/rendering-apps-files/templates/console/values/10-proxy.j2 index 36e40ea5f..9ef61b9f8 100644 --- a/roles/gitops/rendering-apps-files/templates/console/values/10-proxy.j2 +++ b/roles/gitops/rendering-apps-files/templates/console/values/10-proxy.j2 @@ -10,4 +10,14 @@ console: value: - name: no_proxy value: + backend: + proxy: + enabled: true + env: + - name: http_proxy + value: + - name: https_proxy + value: + - name: no_proxy + value: {% endif %} diff --git a/roles/gitops/rendering-apps-files/templates/console/values/10-registry.j2 b/roles/gitops/rendering-apps-files/templates/console/values/10-registry.j2 index a369040e5..b67bcdecd 100644 --- a/roles/gitops/rendering-apps-files/templates/console/values/10-registry.j2 +++ b/roles/gitops/rendering-apps-files/templates/console/values/10-registry.j2 @@ -2,6 +2,12 @@ console: server: image: repository: "/cloud-pi-native/console/server" + strangler: + image: + repository: "/cloud-pi-native/console/nginx-strangler" + backend: + image: + repository: "/cloud-pi-native/console/server-nestjs" client: image: repository: "/cloud-pi-native/console/client"
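Review bot: The `backend` and `strangler` security contexts added in the two `10-profile.j2` hunks hard-code `runAsUser: 1000` and `runAsUser: 101` with nothing to say where those UIDs come from. Add a comment on each, e.g. `# must match the non-root user of the nginx-strangler image`, so an image change does not silently break `runAsNonRoot`. Neither block sets `readOnlyRootFilesystem: true`; the existing blocks in the context lines do not either, so it may be a deliberate omission, but it is worth adding where the images tolerate it. All of this sits inside a `{% if %}` whose condition is outside the hunk, so the new workloads are only hardened when that condition holds.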