diff --git a/.github/workflows/release-helm.yml b/.github/workflows/release-helm.yml
index 6719385e91..c6efd382ff 100644
--- a/.github/workflows/release-helm.yml
+++ b/.github/workflows/release-helm.yml
@@ -29,6 +29,14 @@ jobs:
with:
version: "3.18.3"
+ - name: Build dependencies
+ run: helm dependency build ./hosting/k8s/helm/
+
+ - name: Extract dependency charts
+ run: |
+ cd ./hosting/k8s/helm/
+ for file in ./charts/*.tgz; do echo "Extracting $file"; tar -xzf "$file" -C ./charts; done
+
- name: Lint Helm Chart
run: |
helm lint ./hosting/k8s/helm/
@@ -60,6 +68,14 @@ jobs:
with:
version: "3.18.3"
+ - name: Build dependencies
+ run: helm dependency build ./hosting/k8s/helm/
+
+ - name: Extract dependency charts
+ run: |
+ cd ./hosting/k8s/helm/
+ for file in ./charts/*.tgz; do echo "Extracting $file"; tar -xzf "$file" -C ./charts; done
+
- name: Log in to Container Registry
uses: docker/login-action@v3
with:
@@ -115,7 +131,7 @@ jobs:
```bash
helm upgrade --install trigger \
oci://${{ env.REGISTRY }}/${{ github.repository_owner }}/charts/${{ env.CHART_NAME }} \
- --version ${{ steps.version.outputs.version }}
+ --version "${{ steps.version.outputs.version }}"
```
### Changes
diff --git a/apps/webapp/app/components/SetupCommands.tsx b/apps/webapp/app/components/SetupCommands.tsx
index 0a21bc54ce..e68273a0db 100644
--- a/apps/webapp/app/components/SetupCommands.tsx
+++ b/apps/webapp/app/components/SetupCommands.tsx
@@ -1,6 +1,7 @@
import { createContext, useContext, useState } from "react";
import { useAppOrigin } from "~/hooks/useAppOrigin";
import { useProject } from "~/hooks/useProject";
+import { useTriggerCliTag } from "~/hooks/useTriggerCliTag";
import {
ClientTabs,
ClientTabsContent,
@@ -35,8 +36,6 @@ function usePackageManager() {
return context;
}
-const v3PackageTag = "latest";
-
function getApiUrlArg() {
const appOrigin = useAppOrigin();
@@ -69,8 +68,9 @@ export function InitCommandV3({ title }: TabsProps) {
const project = useProject();
const projectRef = project.externalRef;
const apiUrlArg = getApiUrlArg();
+ const triggerCliTag = useTriggerCliTag();
- const initCommandParts = [`trigger.dev@${v3PackageTag}`, "init", `-p ${projectRef}`, apiUrlArg];
+ const initCommandParts = [`trigger.dev@${triggerCliTag}`, "init", `-p ${projectRef}`, apiUrlArg];
const initCommand = initCommandParts.filter(Boolean).join(" ");
const { activePackageManager, setActivePackageManager } = usePackageManager();
@@ -118,6 +118,7 @@ export function InitCommandV3({ title }: TabsProps) {
}
export function TriggerDevStepV3({ title }: TabsProps) {
+ const triggerCliTag = useTriggerCliTag();
const { activePackageManager, setActivePackageManager } = usePackageManager();
return (
@@ -139,7 +140,7 @@ export function TriggerDevStepV3({ title }: TabsProps) {
variant="secondary/medium"
iconButton
className="mb-4"
- value={`npx trigger.dev@${v3PackageTag} dev`}
+ value={`npx trigger.dev@${triggerCliTag} dev`}
/>
@@ -147,7 +148,7 @@ export function TriggerDevStepV3({ title }: TabsProps) {
variant="secondary/medium"
iconButton
className="mb-4"
- value={`pnpm dlx trigger.dev@${v3PackageTag} dev`}
+ value={`pnpm dlx trigger.dev@${triggerCliTag} dev`}
/>
@@ -155,7 +156,7 @@ export function TriggerDevStepV3({ title }: TabsProps) {
variant="secondary/medium"
iconButton
className="mb-4"
- value={`yarn dlx trigger.dev@${v3PackageTag} dev`}
+ value={`yarn dlx trigger.dev@${triggerCliTag} dev`}
/>
@@ -163,6 +164,7 @@ export function TriggerDevStepV3({ title }: TabsProps) {
}
export function TriggerLoginStepV3({ title }: TabsProps) {
+ const triggerCliTag = useTriggerCliTag();
const { activePackageManager, setActivePackageManager } = usePackageManager();
return (
@@ -184,7 +186,7 @@ export function TriggerLoginStepV3({ title }: TabsProps) {
variant="secondary/medium"
iconButton
className="mb-4"
- value={`npx trigger.dev@${v3PackageTag} login`}
+ value={`npx trigger.dev@${triggerCliTag} login`}
/>
@@ -192,7 +194,7 @@ export function TriggerLoginStepV3({ title }: TabsProps) {
variant="secondary/medium"
iconButton
className="mb-4"
- value={`pnpm dlx trigger.dev@${v3PackageTag} login`}
+ value={`pnpm dlx trigger.dev@${triggerCliTag} login`}
/>
@@ -200,7 +202,7 @@ export function TriggerLoginStepV3({ title }: TabsProps) {
variant="secondary/medium"
iconButton
className="mb-4"
- value={`yarn dlx trigger.dev@${v3PackageTag} login`}
+ value={`yarn dlx trigger.dev@${triggerCliTag} login`}
/>
diff --git a/apps/webapp/app/env.server.ts b/apps/webapp/app/env.server.ts
index 9136e44a1a..6f742faa26 100644
--- a/apps/webapp/app/env.server.ts
+++ b/apps/webapp/app/env.server.ts
@@ -856,6 +856,9 @@ const EnvironmentSchema = z.object({
// Machine presets
MACHINE_PRESETS_OVERRIDE_PATH: z.string().optional(),
+
+ // CLI package tag (e.g. "latest", "v4-beta", "4.0.0") - used for setup commands
+ TRIGGER_CLI_TAG: z.string().default("latest"),
});
export type Environment = z.infer;
diff --git a/apps/webapp/app/hooks/useTriggerCliTag.ts b/apps/webapp/app/hooks/useTriggerCliTag.ts
new file mode 100644
index 0000000000..190a28ef39
--- /dev/null
+++ b/apps/webapp/app/hooks/useTriggerCliTag.ts
@@ -0,0 +1,8 @@
+import { useTypedRouteLoaderData } from "remix-typedjson";
+import { type loader } from "~/root";
+
+export function useTriggerCliTag() {
+ const routeMatch = useTypedRouteLoaderData("root");
+
+ return routeMatch!.triggerCliTag;
+}
diff --git a/apps/webapp/app/root.tsx b/apps/webapp/app/root.tsx
index c6f0929eb8..f46d3a65ff 100644
--- a/apps/webapp/app/root.tsx
+++ b/apps/webapp/app/root.tsx
@@ -56,6 +56,7 @@ export const loader = async ({ request }: LoaderFunctionArgs) => {
features,
appEnv: env.APP_ENV,
appOrigin: env.APP_ORIGIN,
+ triggerCliTag: env.TRIGGER_CLI_TAG,
kapa,
},
{ headers: { "Set-Cookie": await commitSession(session) } }
diff --git a/docs/self-hosting/kubernetes.mdx b/docs/self-hosting/kubernetes.mdx
index 41a9cbc336..e2498c56ca 100644
--- a/docs/self-hosting/kubernetes.mdx
+++ b/docs/self-hosting/kubernetes.mdx
@@ -181,7 +181,7 @@ You can set extra environment variables on all services. For example:
```yaml
webapp:
- extraEnv:
+ extraEnvVars:
- name: EXTRA_ENV_VAR
value: "extra-value"
```
@@ -202,9 +202,8 @@ You can disable the built-in services and use external services instead. For exa
```yaml
postgres:
- enabled: false
- external: true
- externalConnection:
+ deploy: false
+ external:
host: "my-postgres.example.com"
port: 5432
database: "my-database"
@@ -262,10 +261,10 @@ See the [Docker registry setup](/self-hosting/docker#registry-setup) for concept
```yaml
# Use external registry (recommended)
registry:
- external: true
+ deploy: false
# Part of deployment image ref, for example: your-registry.example.com/your-company/proj_123:20250625.1.prod
repositoryNamespace: "your-company"
- externalConnection:
+ external:
host: "your-registry.example.com"
port: 5000
auth:
@@ -285,9 +284,8 @@ See the [Docker object storage setup](/self-hosting/docker#object-storage) for c
```yaml
# Use external S3-compatible storage
minio:
- enabled: false
- external: true
- externalConnection:
+ deploy: false
+ external:
url: "https://s3.amazonaws.com"
# or: "https://your-minio.com:9000"
@@ -305,7 +303,7 @@ Authentication options are identical to the [Docker-based installation](/self-ho
**GitHub OAuth:**
```yaml
webapp:
- extraEnv:
+ extraEnvVars:
- name: AUTH_GITHUB_CLIENT_ID
value: "your-github-client-id"
- name: AUTH_GITHUB_CLIENT_SECRET
@@ -315,7 +313,7 @@ webapp:
**Email authentication (Resend):**
```yaml
webapp:
- extraEnv:
+ extraEnvVars:
- name: EMAIL_TRANSPORT
value: "resend"
- name: FROM_EMAIL
@@ -329,7 +327,7 @@ webapp:
**Restricting access:**
```yaml
webapp:
- extraEnv:
+ extraEnvVars:
- name: WHITELISTED_EMAILS
value: "user1@company\\.com|user2@company\\.com"
```
diff --git a/hosting/k8s/helm/.gitignore b/hosting/k8s/helm/.gitignore
index eb389199cc..40134ee19b 100644
--- a/hosting/k8s/helm/.gitignore
+++ b/hosting/k8s/helm/.gitignore
@@ -1,3 +1,4 @@
values-*.yaml
!values-production-example.yaml
-*.tgz
\ No newline at end of file
+*.tgz
+/charts
\ No newline at end of file
diff --git a/hosting/k8s/helm/Chart.lock b/hosting/k8s/helm/Chart.lock
new file mode 100644
index 0000000000..ac445fac17
--- /dev/null
+++ b/hosting/k8s/helm/Chart.lock
@@ -0,0 +1,15 @@
+dependencies:
+- name: postgresql
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 16.7.14
+- name: redis
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 21.2.6
+- name: clickhouse
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 9.3.7
+- name: minio
+ repository: oci://registry-1.docker.io/bitnamicharts
+ version: 17.0.9
+digest: sha256:b6cef61abc0b8bcdf4e6d7d86bd8dd7999dd07543f5532f3d94797ffdf0ad30b
+generated: "2025-06-27T19:27:24.075488134+01:00"
diff --git a/hosting/k8s/helm/Chart.yaml b/hosting/k8s/helm/Chart.yaml
index d599d43add..4924aa6b45 100644
--- a/hosting/k8s/helm/Chart.yaml
+++ b/hosting/k8s/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
name: trigger
description: The official Trigger.dev Helm chart
type: application
-version: 4.0.0-beta.5
-appVersion: v4.0.0-v4-beta.21
+version: 4.0.0-beta.8
+appVersion: trigger-helm-rc.1
home: https://trigger.dev
sources:
- https://github.com/triggerdotdev/trigger.dev
@@ -16,3 +16,22 @@ keywords:
- automation
annotations:
category: Development
+dependencies:
+ - name: postgresql
+ version: "16.7.14"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
+ condition: postgres.deploy
+ alias: postgres
+ - name: redis
+ version: "21.2.6"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
+ condition: redis.deploy
+ - name: clickhouse
+ version: "9.3.7"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
+ condition: clickhouse.deploy
+ - name: minio
+ version: "17.0.9"
+ repository: "oci://registry-1.docker.io/bitnamicharts"
+ condition: s3.deploy
+ alias: s3
diff --git a/hosting/k8s/helm/README.md b/hosting/k8s/helm/README.md
index 5d9a8ff5e8..742f2215b0 100644
--- a/hosting/k8s/helm/README.md
+++ b/hosting/k8s/helm/README.md
@@ -4,6 +4,19 @@ This Helm chart deploys Trigger.dev v4 self-hosting stack to Kubernetes.
## Quick Start
+### Prerequisites
+
+```bash
+# Build Helm dependencies (required for Bitnami charts)
+helm dependency build
+
+# Extract dependency charts for local template testing
+for file in ./charts/*.tgz; do echo "Extracting $file"; tar -xzf "$file" -C ./charts; done
+
+# Alternative: Use --dependency-update flag for template testing
+helm template trigger . --dependency-update
+```
+
### Installation
```bash
@@ -122,7 +135,7 @@ Use external managed services instead of bundled components:
postgres:
enabled: false
external: true
- externalConnection:
+ external:
host: "your-postgres.rds.amazonaws.com"
port: 5432
database: "trigger"
@@ -133,7 +146,7 @@ postgres:
redis:
enabled: false
external: true
- externalConnection:
+ external:
host: "your-redis.cache.amazonaws.com"
port: 6379
password: "your-password"
@@ -142,7 +155,7 @@ redis:
registry:
enabled: true
external: true
- externalConnection:
+ external:
host: "localhost"
port: 5001
username: ""
@@ -206,12 +219,15 @@ postgres:
## Persistence
-All services support persistent storage and allow you to control the storage class globally or per service:
+All services support persistent storage and allow you to control the storage class globally or per service. Our internal services (Registry) now support the full Bitnami persistence configuration pattern:
+
+### Basic Persistence Configuration
```yaml
global:
storageClass: "fast-ssd" # Default for all services
+# Bitnami chart services (simplified configuration)
postgres:
primary:
persistence:
@@ -232,27 +248,71 @@ clickhouse:
size: 10Gi
storageClass: "analytics-hdd" # Optional: override for ClickHouse
-minio:
+s3:
persistence:
enabled: true
size: 10Gi
- storageClass: "objectstore-ssd" # Optional: override for MinIO
+ storageClass: "objectstore-ssd" # Optional: override for S3
+```
+
+### Internal Services - Full Bitnami-Style Configuration
+Our internal services (Registry) support the complete Bitnami persistence configuration pattern:
+
+```yaml
+# Registry - Full persistence configuration options
registry:
persistence:
enabled: true
+ # Name to assign the volume
+ volumeName: "data"
+ # Name of an existing PVC to use
+ existingClaim: ""
+ # The path the volume will be mounted at
+ mountPath: "/var/lib/registry"
+ # The subdirectory of the volume to mount to
+ subPath: ""
+ # PVC Storage Class for Registry data volume
+ storageClass: "registry-ssd"
+ # PVC Access Mode for Registry volume
+ accessModes:
+ - "ReadWriteOnce"
+ # PVC Storage Request for Registry volume
size: 10Gi
- storageClass: "registry-ssd" # Optional: override for Registry
+ # Annotations for the PVC
+ annotations:
+ backup.velero.io/backup-volumes: "data"
+ # Labels for the PVC
+ labels:
+ app.kubernetes.io/component: "storage"
+ # Selector to match an existing Persistent Volume
+ selector:
+ matchLabels:
+ tier: "registry"
+ # Custom PVC data source
+ dataSource:
+ name: "registry-snapshot"
+ kind: "VolumeSnapshot"
+ apiGroup: "snapshot.storage.k8s.io"
# Shared persistent volume for worker token file
persistence:
shared:
enabled: true
size: 5Mi
+ accessMode: ReadWriteOnce
+ # accessMode: ReadWriteMany # Use for cross-node deployment
+ storageClass: ""
+ retain: true # Prevents deletion on uninstall
```
-- If a per-service `storageClass` is set, it overrides the global value for that service only.
-- If neither is set, the cluster's default StorageClass is used.
+### Persistence Configuration Rules
+
+- **Service-level storageClass** overrides the global value for that service only
+- **Global storageClass** applies to all services that don't specify their own
+- **Cluster default** is used if neither global nor service-level storageClass is set
+- **Internal services** (Registry) support full Bitnami-style configuration
+- **Bitnami chart services** use their respective chart's configuration patterns
## Monitoring
@@ -263,6 +323,108 @@ Health checks are configured for all services:
- Database connection tests
- Readiness and liveness probes
+### Health Probe Configuration
+
+All non-Bitnami services support configurable health probes:
+
+```yaml
+# Webapp health probes
+webapp:
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+
+# Supervisor health probes
+supervisor:
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+
+# Electric health probes
+electric:
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+
+# Registry health probes
+registry:
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 5
+ periodSeconds: 5
+ timeoutSeconds: 1
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+```
+
### Prometheus Integration
ServiceMonitors are available for webapp and supervisor services:
@@ -504,26 +666,31 @@ helm upgrade --install trigger . \
storageClass: "fast-nvme" # Default for all services
postgres:
- persistence:
- primary:
+ primary:
+ persistence:
size: 500Gi
redis:
- persistence:
- master:
+ master:
+ persistence:
size: 20Gi
clickhouse:
persistence:
size: 100Gi
- minio:
+ s3:
persistence:
size: 200Gi
+ # Internal services support full Bitnami-style configuration
registry:
persistence:
+ enabled: true
size: 100Gi
+ storageClass: "registry-ssd"
+ annotations:
+ backup.velero.io/backup-volumes: "data"
```
### 🏗️ High Availability (RECOMMENDED)
diff --git a/hosting/k8s/helm/templates/NOTES.txt b/hosting/k8s/helm/templates/NOTES.txt
index abac129260..659000a81b 100644
--- a/hosting/k8s/helm/templates/NOTES.txt
+++ b/hosting/k8s/helm/templates/NOTES.txt
@@ -58,25 +58,39 @@ Bootstrap Mode is enabled:
{{- end }}
Configuration:
-{{- if .Values.postgres.external }}
-- Using external PostgreSQL at {{ .Values.postgres.externalConnection.host }}:{{ .Values.postgres.externalConnection.port }}
-{{- else }}
+{{- if .Values.postgres.deploy }}
- Using internal PostgreSQL
-{{- end }}
-{{- if .Values.redis.external }}
-- Using external Redis at {{ .Values.redis.externalConnection.host }}:{{ .Values.redis.externalConnection.port }}
{{- else }}
+- Using external PostgreSQL at {{ .Values.postgres.external.host }}:{{ .Values.postgres.external.port | default 5432 }}
+{{- end }}
+{{- if .Values.redis.deploy }}
- Using internal Redis
+{{- else }}
+- Using external Redis at {{ .Values.redis.external.host }}:{{ .Values.redis.external.port | default 6379 }}
+{{- end }}
+{{- if .Values.electric.deploy }}
+- Using internal Electric sync service
+{{- else }}
+- Using external Electric sync service at {{ .Values.electric.external.url }}
{{- end }}
-{{- if .Values.electric.enabled }}
-- Electric sync service enabled
+{{- if .Values.clickhouse.deploy }}
+- Using internal ClickHouse
+{{- else }}
+- Using external ClickHouse at {{ .Values.clickhouse.external.host }}:{{ .Values.clickhouse.external.httpPort | default 8123 }}
{{- end }}
-{{- if .Values.clickhouse.enabled }}
-- ClickHouse analytics database enabled
+{{- if .Values.s3.deploy }}
+- Using internal S3-compatible object storage (MinIO)
+{{- else }}
+- Using external S3-compatible object storage at {{ .Values.s3.external.endpoint }}
{{- end }}
-{{- if .Values.minio.enabled }}
-- MinIO object storage enabled
+{{- if .Values.registry.deploy }}
+- Using internal Docker registry
+{{- else }}
+- Using external Docker registry at {{ .Values.registry.external.host }}:{{ .Values.registry.external.port }}
+{{- if eq .Values.registry.external.host "localhost" }}
+
+⚠️ Registry Warning:
+ Using localhost for registry. Deployments will only work when testing locally in kind or minikube.
+ Please ensure registry.external is properly configured to point at an external registry.
{{- end }}
-{{- if .Values.registry.enabled }}
-- Docker registry enabled
{{- end }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/_helpers.tpl b/hosting/k8s/helm/templates/_helpers.tpl
index 96dfc767d3..3087709f1a 100644
--- a/hosting/k8s/helm/templates/_helpers.tpl
+++ b/hosting/k8s/helm/templates/_helpers.tpl
@@ -95,33 +95,51 @@ Get the full image name for supervisor
{{- end }}
{{- end }}
+{{/*
+PostgreSQL hostname
+*/}}
+{{- define "trigger-v4.postgres.hostname" -}}
+{{- if .Values.postgres.host }}
+{{- .Values.postgres.host }}
+{{- else if .Values.postgres.deploy }}
+{{- printf "%s-postgres" .Release.Name }}
+{{- end }}
+{{- end }}
+
{{/*
PostgreSQL connection string
*/}}
{{- define "trigger-v4.postgres.connectionString" -}}
-{{- if .Values.postgres.external -}}
-postgresql://{{ .Values.postgres.externalConnection.username }}:{{ .Values.postgres.externalConnection.password }}@{{ .Values.postgres.externalConnection.host }}:{{ .Values.postgres.externalConnection.port }}/{{ .Values.postgres.externalConnection.database }}?schema={{ .Values.postgres.externalConnection.schema | default "public" }}&sslmode={{ .Values.postgres.externalConnection.sslMode | default "prefer" }}
-{{- else -}}
-postgresql://{{ .Values.postgres.auth.username }}:{{ .Values.postgres.auth.password }}@{{ include "trigger-v4.fullname" . }}-postgres:{{ .Values.postgres.primary.service.ports.postgres }}/{{ .Values.postgres.auth.database }}?schema={{ .Values.postgres.connection.schema | default "public" }}&sslmode={{ .Values.postgres.connection.sslMode | default "prefer" }}
+{{- if .Values.postgres.host -}}
+postgresql://{{ .Values.postgres.username }}:{{ .Values.postgres.password }}@{{ .Values.postgres.host }}:{{ .Values.postgres.port | default 5432 }}/{{ .Values.postgres.database }}?schema={{ .Values.postgres.schema | default "public" }}&sslmode={{ .Values.postgres.sslMode | default "prefer" }}
+{{- else if .Values.postgres.deploy -}}
+postgresql://{{ .Values.postgres.auth.username }}:{{ .Values.postgres.auth.password }}@{{ include "trigger-v4.postgres.hostname" . }}:5432/{{ .Values.postgres.auth.database }}?schema={{ .Values.postgres.connection.schema | default "public" }}&sslmode={{ .Values.postgres.connection.sslMode | default "prefer" }}
{{- end -}}
{{- end }}
+{{/*
+Redis hostname
+*/}}
+{{- define "trigger-v4.redis.hostname" -}}
+{{- if .Values.redis.host }}
+{{- .Values.redis.host }}
+{{- else if .Values.redis.deploy }}
+{{- printf "%s-redis-master" .Release.Name }}
+{{- end }}
+{{- end }}
+
{{/*
Redis connection details
*/}}
{{- define "trigger-v4.redis.host" -}}
-{{- if .Values.redis.external -}}
-{{ .Values.redis.externalConnection.host }}
-{{- else -}}
-{{ include "trigger-v4.fullname" . }}-redis-master
-{{- end -}}
+{{- include "trigger-v4.redis.hostname" . }}
{{- end }}
{{- define "trigger-v4.redis.port" -}}
-{{- if .Values.redis.external -}}
-{{ .Values.redis.externalConnection.port }}
-{{- else -}}
-{{ .Values.redis.master.service.ports.redis }}
+{{- if .Values.redis.host -}}
+{{ .Values.redis.port | default 6379 }}
+{{- else if .Values.redis.deploy -}}
+6379
{{- end -}}
{{- end }}
@@ -129,26 +147,81 @@ Redis connection details
Electric service URL
*/}}
{{- define "trigger-v4.electric.url" -}}
-{{- if .Values.electric.enabled -}}
+{{- if .Values.electric.deploy -}}
http://{{ include "trigger-v4.fullname" . }}-electric:{{ .Values.electric.service.port }}
{{- else -}}
-{{ .Values.config.electricOrigin }}
+{{ .Values.electric.external.url }}
{{- end -}}
{{- end }}
{{/*
-MinIO connection details
+ClickHouse hostname
*/}}
-{{- define "trigger-v4.minio.url" -}}
-{{- if .Values.minio.enabled -}}
-http://{{ include "trigger-v4.fullname" . }}-minio:{{ .Values.minio.service.ports.api }}
-{{- else if .Values.minio.external -}}
-{{ .Values.minio.externalConnection.url }}
-{{- else -}}
-""
+{{- define "trigger-v4.clickhouse.hostname" -}}
+{{- if .Values.clickhouse.host }}
+{{- .Values.clickhouse.host }}
+{{- else if .Values.clickhouse.deploy }}
+{{- printf "%s-clickhouse" .Release.Name }}
+{{- end }}
+{{- end }}
+
+{{/*
+ClickHouse URL for application (with secure parameter)
+*/}}
+{{- define "trigger-v4.clickhouse.url" -}}
+{{- if .Values.clickhouse.deploy -}}
+{{- $protocol := ternary "https" "http" .Values.clickhouse.secure -}}
+{{- $secure := ternary "true" "false" .Values.clickhouse.secure -}}
+{{ $protocol }}://{{ .Values.clickhouse.auth.username }}:{{ .Values.clickhouse.auth.password }}@{{ include "trigger-v4.clickhouse.hostname" . }}:8123?secure={{ $secure }}
+{{- else if .Values.clickhouse.external.host -}}
+{{- $protocol := ternary "https" "http" .Values.clickhouse.external.secure -}}
+{{- $secure := ternary "true" "false" .Values.clickhouse.external.secure -}}
+{{ $protocol }}://{{ .Values.clickhouse.external.username }}:{{ .Values.clickhouse.external.password }}@{{ .Values.clickhouse.external.host }}:{{ .Values.clickhouse.external.httpPort | default 8123 }}?secure={{ $secure }}
{{- end -}}
{{- end }}
+{{/*
+ClickHouse URL for replication (without secure parameter)
+*/}}
+{{- define "trigger-v4.clickhouse.replication.url" -}}
+{{- if .Values.clickhouse.deploy -}}
+{{- $protocol := ternary "https" "http" .Values.clickhouse.secure -}}
+{{ $protocol }}://{{ .Values.clickhouse.auth.username }}:{{ .Values.clickhouse.auth.password }}@{{ include "trigger-v4.clickhouse.hostname" . }}:8123
+{{- else if .Values.clickhouse.external.host -}}
+{{- $protocol := ternary "https" "http" .Values.clickhouse.external.secure -}}
+{{ $protocol }}://{{ .Values.clickhouse.external.username }}:{{ .Values.clickhouse.external.password }}@{{ .Values.clickhouse.external.host }}:{{ .Values.clickhouse.external.httpPort | default 8123 }}
+{{- end -}}
+{{- end }}
+
+{{/*
+S3 hostname
+*/}}
+{{- define "trigger-v4.s3.hostname" -}}
+{{- if .Values.s3.external.endpoint }}
+{{- .Values.s3.external.endpoint }}
+{{- else if .Values.s3.deploy }}
+{{- printf "http://%s-minio:9000" .Release.Name }}
+{{- end }}
+{{- end }}
+
+{{/*
+S3 connection details
+*/}}
+{{- define "trigger-v4.s3.url" -}}
+{{- include "trigger-v4.s3.hostname" . }}
+{{- end }}
+
+{{/*
+Backward compatibility - MinIO helpers (deprecated)
+*/}}
+{{- define "trigger-v4.minio.hostname" -}}
+{{- include "trigger-v4.s3.hostname" . }}
+{{- end }}
+
+{{- define "trigger-v4.minio.url" -}}
+{{- include "trigger-v4.s3.url" . }}
+{{- end }}
+
{{/*
Get the secrets name - either existing secret or generated name
*/}}
@@ -164,12 +237,10 @@ Get the secrets name - either existing secret or generated name
Registry connection details
*/}}
{{- define "trigger-v4.registry.host" -}}
-{{- if .Values.registry.external -}}
-{{ .Values.registry.externalConnection.host }}:{{ .Values.registry.externalConnection.port }}
-{{- else if .Values.registry.enabled -}}
+{{- if .Values.registry.deploy -}}
{{ include "trigger-v4.fullname" . }}-registry:{{ .Values.registry.service.port }}
{{- else -}}
-localhost:5000
+{{ .Values.registry.external.host }}:{{ .Values.registry.external.port }}
{{- end -}}
{{- end }}
@@ -177,10 +248,10 @@ localhost:5000
PostgreSQL host (for wait-for-it script)
*/}}
{{- define "trigger-v4.postgres.host" -}}
-{{- if .Values.postgres.external -}}
-{{ .Values.postgres.externalConnection.host }}:{{ .Values.postgres.externalConnection.port }}
-{{- else -}}
-{{ include "trigger-v4.fullname" . }}-postgres:{{ .Values.postgres.primary.service.ports.postgres }}
+{{- if .Values.postgres.host -}}
+{{ .Values.postgres.host }}:{{ .Values.postgres.port | default 5432 }}
+{{- else if .Values.postgres.deploy -}}
+{{ include "trigger-v4.postgres.hostname" . }}:5432
{{- end -}}
{{- end }}
@@ -217,17 +288,17 @@ Create the name of the supervisor cluster role to use
Generate docker config for image pull secret
*/}}
{{- define "trigger-v4.imagePullSecret" }}
-{{- if and .Values.registry.enabled .Values.registry.auth.enabled }}
+{{- if and .Values.registry.deploy .Values.registry.auth.enabled }}
{{- $registryHost := include "trigger-v4.registry.host" . }}
{{- $username := .Values.registry.auth.username }}
{{- $password := .Values.registry.auth.password }}
{{- $auth := printf "%s:%s" $username $password | b64enc }}
{{- $config := dict "auths" (dict $registryHost (dict "username" $username "password" $password "auth" $auth)) }}
{{- $config | toJson }}
-{{- else if and .Values.registry.external .Values.registry.externalConnection.auth.enabled }}
-{{- $registryHost := .Values.registry.externalConnection.host }}
-{{- $username := .Values.registry.externalConnection.auth.username }}
-{{- $password := .Values.registry.externalConnection.auth.password }}
+{{- else if and (not .Values.registry.deploy) .Values.registry.external.auth.enabled }}
+{{- $registryHost := .Values.registry.external.host }}
+{{- $username := .Values.registry.external.auth.username }}
+{{- $password := .Values.registry.external.auth.password }}
{{- $auth := printf "%s:%s" $username $password | b64enc }}
{{- $config := dict "auths" (dict $registryHost (dict "username" $username "password" $password "auth" $auth)) }}
{{- $config | toJson }}
diff --git a/hosting/k8s/helm/templates/clickhouse.yaml b/hosting/k8s/helm/templates/clickhouse.yaml
deleted file mode 100644
index bd9097e54e..0000000000
--- a/hosting/k8s/helm/templates/clickhouse.yaml
+++ /dev/null
@@ -1,165 +0,0 @@
-{{- if and .Values.clickhouse.enabled (not .Values.clickhouse.external) }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-clickhouse
- labels:
- {{- $component := "clickhouse" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- replicas: 1
- serviceName: {{ include "trigger-v4.fullname" . }}-clickhouse-headless
- selector:
- matchLabels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 6 }}
- template:
- metadata:
- {{- with .Values.clickhouse.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 8 }}
- spec:
- {{- with .Values.clickhouse.podSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: clickhouse
- {{- with .Values.clickhouse.securityContext }}
- securityContext:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- image: "{{ .Values.clickhouse.image.registry }}/{{ .Values.clickhouse.image.repository }}:{{ .Values.clickhouse.image.tag }}"
- imagePullPolicy: {{ .Values.clickhouse.image.pullPolicy }}
- ports:
- - name: native
- containerPort: {{ .Values.clickhouse.service.ports.native }}
- protocol: TCP
- - name: http
- containerPort: {{ .Values.clickhouse.service.ports.http }}
- protocol: TCP
- env:
- - name: CLICKHOUSE_ADMIN_USER
- value: {{ .Values.clickhouse.auth.adminUser | quote }}
- - name: CLICKHOUSE_ADMIN_PASSWORD
- value: {{ .Values.clickhouse.auth.adminPassword | quote }}
- {{- with .Values.clickhouse.extraEnv }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
- livenessProbe:
- exec:
- command:
- - clickhouse-client
- - --host
- - localhost
- - --port
- - {{ .Values.clickhouse.service.ports.native | quote }}
- - --user
- - {{ .Values.clickhouse.auth.adminUser }}
- - --password
- - {{ .Values.clickhouse.auth.adminPassword }}
- - --query
- - "SELECT 1"
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 15
- failureThreshold: 5
- readinessProbe:
- exec:
- command:
- - clickhouse-client
- - --host
- - localhost
- - --port
- - {{ .Values.clickhouse.service.ports.native | quote }}
- - --user
- - {{ .Values.clickhouse.auth.adminUser }}
- - --password
- - {{ .Values.clickhouse.auth.adminPassword }}
- - --query
- - "SELECT 1"
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 15
- failureThreshold: 5
- resources:
- {{- toYaml .Values.clickhouse.resources | nindent 12 }}
- volumeMounts:
- - name: clickhouse-data
- mountPath: /bitnami/clickhouse
- - name: clickhouse-config
- mountPath: /bitnami/clickhouse/etc/config.d/override.xml
- subPath: override.xml
- readOnly: true
- volumes:
- - name: clickhouse-config
- configMap:
- name: {{ include "trigger-v4.fullname" . }}-clickhouse-config
- {{- if not .Values.clickhouse.persistence.enabled }}
- - name: clickhouse-data
- emptyDir: {}
- {{- end }}
- {{- if .Values.clickhouse.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: clickhouse-data
- labels:
- {{- $component := "clickhouse" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 10 }}
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.clickhouse.persistence.size }}
- {{- $storageClass := .Values.clickhouse.persistence.storageClass | default .Values.global.storageClass }}
- {{- if $storageClass }}
- storageClassName: {{ $storageClass | quote }}
- {{- end }}
- {{- end }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-clickhouse-headless
- labels:
- {{- $component := "clickhouse" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: native
- port: {{ .Values.clickhouse.service.ports.native }}
- targetPort: native
- protocol: TCP
- - name: http
- port: {{ .Values.clickhouse.service.ports.http }}
- targetPort: http
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-clickhouse
- labels:
- {{- $component := "clickhouse" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: {{ .Values.clickhouse.service.type }}
- ports:
- - name: native
- port: {{ .Values.clickhouse.service.ports.native }}
- targetPort: native
- protocol: TCP
- - name: http
- port: {{ .Values.clickhouse.service.ports.http }}
- targetPort: http
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/configmap.yaml b/hosting/k8s/helm/templates/configmap.yaml
deleted file mode 100644
index b3bd8230c8..0000000000
--- a/hosting/k8s/helm/templates/configmap.yaml
+++ /dev/null
@@ -1,11 +0,0 @@
-{{- if and .Values.clickhouse.enabled (not .Values.clickhouse.external) }}
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-clickhouse-config
- labels:
- {{- include "trigger-v4.labels" . | nindent 4 }}
-data:
- override.xml: |
-{{ .Values.clickhouse.config.override | indent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/electric.yaml b/hosting/k8s/helm/templates/electric.yaml
index 35320916b9..0142946568 100644
--- a/hosting/k8s/helm/templates/electric.yaml
+++ b/hosting/k8s/helm/templates/electric.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.electric.enabled }}
+{{- if .Values.electric.deploy }}
apiVersion: apps/v1
kind: Deployment
metadata:
@@ -43,25 +43,42 @@ spec:
value: {{ .Values.electric.config.insecure | quote }}
- name: ELECTRIC_USAGE_REPORTING
value: {{ .Values.electric.config.usageReporting | quote }}
- {{- with .Values.electric.extraEnv }}
+ {{- with .Values.electric.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
+ {{- if .Values.electric.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /v1/health
port: http
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
+ initialDelaySeconds: {{ .Values.electric.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.electric.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.electric.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.electric.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.electric.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.electric.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /v1/health
port: http
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
+ initialDelaySeconds: {{ .Values.electric.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.electric.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.electric.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.electric.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.electric.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.electric.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /v1/health
+ port: http
+ initialDelaySeconds: {{ .Values.electric.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.electric.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.electric.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.electric.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.electric.startupProbe.successThreshold }}
+ {{- end }}
resources:
{{- toYaml .Values.electric.resources | nindent 12 }}
---
diff --git a/hosting/k8s/helm/templates/minio.yaml b/hosting/k8s/helm/templates/minio.yaml
deleted file mode 100644
index 3fcfb319b8..0000000000
--- a/hosting/k8s/helm/templates/minio.yaml
+++ /dev/null
@@ -1,143 +0,0 @@
-{{- if .Values.minio.enabled }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-minio
- labels:
- {{- $component := "minio" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- replicas: 1
- serviceName: {{ include "trigger-v4.fullname" . }}-minio-headless
- selector:
- matchLabels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 6 }}
- template:
- metadata:
- {{- with .Values.minio.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 8 }}
- spec:
- {{- with .Values.minio.podSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: minio
- {{- with .Values.minio.securityContext }}
- securityContext:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- image: "{{ .Values.minio.image.registry }}/{{ .Values.minio.image.repository }}:{{ .Values.minio.image.tag }}"
- imagePullPolicy: {{ .Values.minio.image.pullPolicy }}
- args:
- - server
- - --console-address
- - ":9001"
- - /data
- ports:
- - name: api
- containerPort: {{ .Values.minio.service.ports.api }}
- protocol: TCP
- - name: console
- containerPort: {{ .Values.minio.service.ports.console }}
- protocol: TCP
- env:
- - name: MINIO_ROOT_USER
- value: {{ .Values.minio.auth.rootUser | quote }}
- - name: MINIO_ROOT_PASSWORD
- value: {{ .Values.minio.auth.rootPassword | quote }}
- {{- with .Values.minio.extraEnv }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
- livenessProbe:
- httpGet:
- path: /minio/health/live
- port: api
- initialDelaySeconds: 10
- periodSeconds: 5
- timeoutSeconds: 10
- failureThreshold: 5
- readinessProbe:
- httpGet:
- path: /minio/health/live
- port: api
- initialDelaySeconds: 10
- periodSeconds: 5
- timeoutSeconds: 10
- failureThreshold: 5
- resources:
- {{- toYaml .Values.minio.resources | nindent 12 }}
- volumeMounts:
- - name: minio-data
- mountPath: /data
- {{- if not .Values.minio.persistence.enabled }}
- volumes:
- - name: minio-data
- emptyDir: {}
- {{- end }}
- {{- if .Values.minio.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: minio-data
- labels:
- {{- $component := "minio" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 10 }}
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.minio.persistence.size }}
- {{- $storageClass := .Values.minio.persistence.storageClass | default .Values.global.storageClass }}
- {{- if $storageClass }}
- storageClassName: {{ $storageClass | quote }}
- {{- end }}
- {{- end }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-minio-headless
- labels:
- {{- $component := "minio" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: api
- port: {{ .Values.minio.service.ports.api }}
- targetPort: api
- protocol: TCP
- - name: console
- port: {{ .Values.minio.service.ports.console }}
- targetPort: console
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-minio
- labels:
- {{- $component := "minio" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: {{ .Values.minio.service.type }}
- ports:
- - name: api
- port: {{ .Values.minio.service.ports.api }}
- targetPort: api
- protocol: TCP
- - name: console
- port: {{ .Values.minio.service.ports.console }}
- targetPort: console
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/postgresql.yaml b/hosting/k8s/helm/templates/postgresql.yaml
deleted file mode 100644
index 5252a0466e..0000000000
--- a/hosting/k8s/helm/templates/postgresql.yaml
+++ /dev/null
@@ -1,138 +0,0 @@
-{{- if and .Values.postgres.enabled (not .Values.postgres.external) }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-postgres
- labels:
- {{- $component := "postgres" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- replicas: 1
- serviceName: {{ include "trigger-v4.fullname" . }}-postgres-headless
- selector:
- matchLabels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 6 }}
- template:
- metadata:
- {{- with .Values.postgres.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 8 }}
- spec:
- {{- with .Values.postgres.podSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: postgres
- {{- with .Values.postgres.securityContext }}
- securityContext:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- image: "{{ .Values.postgres.image.registry }}/{{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}"
- imagePullPolicy: {{ .Values.postgres.image.pullPolicy }}
- ports:
- - name: postgres
- containerPort: {{ .Values.postgres.primary.service.ports.postgres }}
- protocol: TCP
- env:
- - name: POSTGRES_USER
- value: {{ .Values.postgres.auth.username | quote }}
- - name: POSTGRES_PASSWORD
- value: {{ .Values.postgres.auth.password | quote }}
- - name: POSTGRES_DB
- value: {{ .Values.postgres.auth.database | quote }}
- {{- with .Values.postgres.extraEnv }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
- args:
- - "-c"
- - "wal_level=logical"
- {{- with .Values.postgres.extraArgs }}
- {{- toYaml . | nindent 12 }}
- {{- end }}
- livenessProbe:
- exec:
- command:
- - pg_isready
- - -U
- - {{ .Values.postgres.auth.username }}
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- readinessProbe:
- exec:
- command:
- - pg_isready
- - -U
- - {{ .Values.postgres.auth.username }}
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- resources:
- {{- toYaml .Values.postgres.primary.resources | nindent 12 }}
- volumeMounts:
- - name: postgres-data
- mountPath: /var/lib/postgresql/data
- {{- if .Values.postgres.primary.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: postgres-data
- labels:
- {{- $component := "postgres" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 10 }}
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.postgres.primary.persistence.size }}
- {{- $storageClass := .Values.postgres.primary.persistence.storageClass | default .Values.global.storageClass }}
- {{- if $storageClass }}
- storageClassName: {{ $storageClass | quote }}
- {{- end }}
- {{- else }}
- volumes:
- - name: postgres-data
- emptyDir: {}
- {{- end }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-postgres-headless
- labels:
- {{- $component := "postgres" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: postgres
- port: {{ .Values.postgres.primary.service.ports.postgres }}
- targetPort: postgres
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-postgres
- labels:
- {{- $component := "postgres" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: ClusterIP
- ports:
- - name: postgres
- port: {{ .Values.postgres.primary.service.ports.postgres }}
- targetPort: postgres
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/redis.yaml b/hosting/k8s/helm/templates/redis.yaml
deleted file mode 100644
index f037bbc869..0000000000
--- a/hosting/k8s/helm/templates/redis.yaml
+++ /dev/null
@@ -1,125 +0,0 @@
-{{- if and .Values.redis.enabled (not .Values.redis.external) }}
-apiVersion: apps/v1
-kind: StatefulSet
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-redis-master
- labels:
- {{- $component := "redis" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- replicas: 1
- serviceName: {{ include "trigger-v4.fullname" . }}-redis-headless
- selector:
- matchLabels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 6 }}
- template:
- metadata:
- {{- with .Values.redis.podAnnotations }}
- annotations:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- labels:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 8 }}
- spec:
- {{- with .Values.redis.podSecurityContext }}
- securityContext:
- {{- toYaml . | nindent 8 }}
- {{- end }}
- containers:
- - name: redis
- {{- with .Values.redis.securityContext }}
- securityContext:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- image: "{{ .Values.redis.image.registry }}/{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}"
- imagePullPolicy: {{ .Values.redis.image.pullPolicy }}
- ports:
- - name: redis
- containerPort: {{ .Values.redis.master.service.ports.redis }}
- protocol: TCP
- {{- with .Values.redis.extraEnv }}
- env:
- {{- toYaml . | nindent 12 }}
- {{- end }}
- livenessProbe:
- exec:
- command:
- - redis-cli
- - ping
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- readinessProbe:
- exec:
- command:
- - redis-cli
- - ping
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
- resources:
- {{- toYaml .Values.redis.master.resources | nindent 12 }}
- volumeMounts:
- - name: redis-data
- mountPath: /data
- {{- if not .Values.redis.master.persistence.enabled }}
- volumes:
- - name: redis-data
- emptyDir: {}
- {{- end }}
- {{- if .Values.redis.master.persistence.enabled }}
- volumeClaimTemplates:
- - metadata:
- name: redis-data
- labels:
- {{- $component := "redis" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 10 }}
- spec:
- accessModes:
- - ReadWriteOnce
- resources:
- requests:
- storage: {{ .Values.redis.master.persistence.size }}
- {{- $storageClass := .Values.redis.master.persistence.storageClass | default .Values.global.storageClass }}
- {{- if $storageClass }}
- storageClassName: {{ $storageClass | quote }}
- {{- end }}
- {{- end }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-redis-headless
- labels:
- {{- $component := "redis" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: ClusterIP
- clusterIP: None
- ports:
- - name: redis
- port: {{ .Values.redis.master.service.ports.redis }}
- targetPort: redis
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
----
-apiVersion: v1
-kind: Service
-metadata:
- name: {{ include "trigger-v4.fullname" . }}-redis-master
- labels:
- {{- $component := "redis" }}
- {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-spec:
- type: ClusterIP
- ports:
- - name: redis
- port: {{ .Values.redis.master.service.ports.redis }}
- targetPort: redis
- protocol: TCP
- selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-{{- end }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/registry.yaml b/hosting/k8s/helm/templates/registry.yaml
index 528b361a6b..52f31e25d4 100644
--- a/hosting/k8s/helm/templates/registry.yaml
+++ b/hosting/k8s/helm/templates/registry.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.registry.enabled (not .Values.registry.external) }}
+{{- if .Values.registry.deploy }}
apiVersion: apps/v1
kind: StatefulSet
metadata:
@@ -37,7 +37,7 @@ spec:
- name: http
containerPort: {{ .Values.registry.service.targetPort }}
protocol: TCP
- {{- if or .Values.registry.auth.enabled .Values.registry.extraEnv }}
+ {{- if or .Values.registry.auth.enabled .Values.registry.extraEnvVars }}
env:
{{- if .Values.registry.auth.enabled }}
- name: REGISTRY_AUTH
@@ -47,31 +47,51 @@ spec:
- name: REGISTRY_AUTH_HTPASSWD_PATH
value: "/auth/htpasswd"
{{- end }}
- {{- with .Values.registry.extraEnv }}
+ {{- with .Values.registry.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
{{- end }}
+ {{- if .Values.registry.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /
port: http
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
+ initialDelaySeconds: {{ .Values.registry.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.registry.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.registry.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.registry.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.registry.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.registry.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /
port: http
- initialDelaySeconds: 10
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 5
+ initialDelaySeconds: {{ .Values.registry.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.registry.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.registry.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.registry.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.registry.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.registry.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /
+ port: http
+ initialDelaySeconds: {{ .Values.registry.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.registry.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.registry.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.registry.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.registry.startupProbe.successThreshold }}
+ {{- end }}
resources:
{{- toYaml .Values.registry.resources | nindent 12 }}
volumeMounts:
- - name: registry-data
- mountPath: /var/lib/registry
+ - name: {{ .Values.registry.persistence.volumeName }}
+ mountPath: {{ .Values.registry.persistence.mountPath }}
+ {{- if .Values.registry.persistence.subPath }}
+ subPath: {{ .Values.registry.persistence.subPath }}
+ {{- end }}
{{- if .Values.registry.auth.enabled }}
- name: registry-auth
mountPath: /auth
@@ -84,19 +104,30 @@ spec:
secretName: {{ include "trigger-v4.fullname" . }}-registry-auth
{{- end }}
{{- if not .Values.registry.persistence.enabled }}
- - name: registry-data
+ - name: {{ .Values.registry.persistence.volumeName }}
emptyDir: {}
+ {{- else if .Values.registry.persistence.existingClaim }}
+ - name: {{ .Values.registry.persistence.volumeName }}
+ persistentVolumeClaim:
+ claimName: {{ .Values.registry.persistence.existingClaim }}
{{- end }}
{{- if .Values.registry.persistence.enabled }}
volumeClaimTemplates:
- metadata:
- name: registry-data
+ name: {{ .Values.registry.persistence.volumeName }}
+ {{- with .Values.registry.persistence.annotations }}
+ annotations:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
labels:
{{- $component := "registry" }}
{{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 10 }}
+ {{- with .Values.registry.persistence.labels }}
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
spec:
accessModes:
- - ReadWriteOnce
+ {{- toYaml .Values.registry.persistence.accessModes | nindent 10 }}
resources:
requests:
storage: {{ .Values.registry.persistence.size }}
@@ -104,6 +135,14 @@ spec:
{{- if $storageClass }}
storageClassName: {{ $storageClass | quote }}
{{- end }}
+ {{- with .Values.registry.persistence.selector }}
+ selector:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
+ {{- with .Values.registry.persistence.dataSource }}
+ dataSource:
+ {{- toYaml . | nindent 10 }}
+ {{- end }}
{{- end }}
---
apiVersion: v1
diff --git a/hosting/k8s/helm/templates/secrets.yaml b/hosting/k8s/helm/templates/secrets.yaml
index e93702cf91..3f88eaab99 100644
--- a/hosting/k8s/helm/templates/secrets.yaml
+++ b/hosting/k8s/helm/templates/secrets.yaml
@@ -15,7 +15,7 @@ data:
OBJECT_STORE_SECRET_ACCESS_KEY: {{ .Values.secrets.objectStore.secretAccessKey | b64enc | quote }}
{{- end }}
---
-{{- if and .Values.registry.enabled .Values.registry.auth.enabled }}
+{{- if and .Values.registry.deploy .Values.registry.auth.enabled }}
apiVersion: v1
kind: Secret
metadata:
@@ -35,7 +35,7 @@ metadata:
type: kubernetes.io/dockerconfigjson
data:
.dockerconfigjson: {{ include "trigger-v4.imagePullSecret" . | b64enc }}
-{{- else if and .Values.registry.external .Values.registry.externalConnection.auth.enabled }}
+{{- else if and (not .Values.registry.deploy) .Values.registry.external.auth.enabled }}
apiVersion: v1
kind: Secret
metadata:
diff --git a/hosting/k8s/helm/templates/supervisor.yaml b/hosting/k8s/helm/templates/supervisor.yaml
index 0aba0e206f..4f24d7d97a 100644
--- a/hosting/k8s/helm/templates/supervisor.yaml
+++ b/hosting/k8s/helm/templates/supervisor.yaml
@@ -1,4 +1,3 @@
-{{- if .Values.supervisor.enabled }}
{{- if .Values.supervisor.serviceAccount.create }}
apiVersion: v1
kind: ServiceAccount
@@ -95,22 +94,39 @@ spec:
- name: metrics
containerPort: {{ .Values.supervisor.service.ports.metrics }}
protocol: TCP
+ {{- if .Values.supervisor.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /health
port: workload
- initialDelaySeconds: 30
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
+ initialDelaySeconds: {{ .Values.supervisor.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.supervisor.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.supervisor.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.supervisor.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.supervisor.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.supervisor.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /health
port: workload
- initialDelaySeconds: 15
- periodSeconds: 10
- timeoutSeconds: 5
- failureThreshold: 3
+ initialDelaySeconds: {{ .Values.supervisor.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.supervisor.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.supervisor.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.supervisor.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.supervisor.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.supervisor.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /health
+ port: workload
+ initialDelaySeconds: {{ .Values.supervisor.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.supervisor.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.supervisor.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.supervisor.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.supervisor.startupProbe.successThreshold }}
+ {{- end }}
resources:
{{- toYaml .Values.supervisor.resources | nindent 12 }}
env:
@@ -147,7 +163,13 @@ spec:
value: {{ .Values.supervisor.config.kubernetes.forceEnabled | quote }}
- name: KUBERNETES_WORKER_NODETYPE_LABEL
value: {{ .Values.supervisor.config.kubernetes.workerNodetypeLabel | quote }}
- {{- if or (and .Values.registry.enabled .Values.registry.auth.enabled) (and .Values.registry.external .Values.registry.externalConnection.auth.enabled) }}
+ {{- $registryAuthEnabled := false }}
+ {{- if .Values.registry.deploy }}
+ {{- $registryAuthEnabled = .Values.registry.auth.enabled }}
+ {{- else }}
+ {{- $registryAuthEnabled = .Values.registry.external.auth.enabled }}
+ {{- end }}
+ {{- if $registryAuthEnabled }}
- name: KUBERNETES_IMAGE_PULL_SECRETS
value: "{{ include "trigger-v4.fullname" . }}-registry-secret"
{{- end }}
@@ -209,7 +231,7 @@ spec:
# OTEL
- name: OTEL_EXPORTER_OTLP_ENDPOINT
value: "http://{{ include "trigger-v4.fullname" . }}-webapp:{{ .Values.webapp.service.port }}/otel"
- {{- with .Values.supervisor.extraEnv }}
+ {{- with .Values.supervisor.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
@@ -259,5 +281,4 @@ spec:
protocol: TCP
name: metrics
selector:
- {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
-{{- end }}
\ No newline at end of file
+ {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/tests/test-clickhouse.yaml b/hosting/k8s/helm/templates/tests/test-clickhouse.yaml
index 814255b719..9bde62c2ad 100644
--- a/hosting/k8s/helm/templates/tests/test-clickhouse.yaml
+++ b/hosting/k8s/helm/templates/tests/test-clickhouse.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.clickhouse.enabled (not .Values.clickhouse.external) }}
+{{- if .Values.clickhouse.deploy }}
apiVersion: v1
kind: Pod
metadata:
diff --git a/hosting/k8s/helm/templates/tests/test-electric.yaml b/hosting/k8s/helm/templates/tests/test-electric.yaml
index 0e6c657e96..8d7c6c8128 100644
--- a/hosting/k8s/helm/templates/tests/test-electric.yaml
+++ b/hosting/k8s/helm/templates/tests/test-electric.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.electric.enabled }}
+{{- if .Values.electric.deploy }}
apiVersion: v1
kind: Pod
metadata:
diff --git a/hosting/k8s/helm/templates/tests/test-postgresql.yaml b/hosting/k8s/helm/templates/tests/test-postgresql.yaml
index 2e6028bea6..75eab7498b 100644
--- a/hosting/k8s/helm/templates/tests/test-postgresql.yaml
+++ b/hosting/k8s/helm/templates/tests/test-postgresql.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.postgres.enabled (not .Values.postgres.external) }}
+{{- if .Values.postgres.deploy }}
apiVersion: v1
kind: Pod
metadata:
@@ -11,7 +11,7 @@ spec:
restartPolicy: Never
containers:
- name: test-postgres
- image: postgres:{{ .Values.postgres.image.tag }}
+ image: {{ .Values.postgres.image.registry }}/{{ .Values.postgres.image.repository }}:{{ .Values.postgres.image.tag }}
command: ['sh', '-c']
args:
- |
diff --git a/hosting/k8s/helm/templates/tests/test-redis.yaml b/hosting/k8s/helm/templates/tests/test-redis.yaml
index 4ba2c46c34..057fbf5282 100644
--- a/hosting/k8s/helm/templates/tests/test-redis.yaml
+++ b/hosting/k8s/helm/templates/tests/test-redis.yaml
@@ -1,4 +1,4 @@
-{{- if and .Values.redis.enabled (not .Values.redis.external) }}
+{{- if .Values.redis.deploy }}
apiVersion: v1
kind: Pod
metadata:
@@ -11,7 +11,7 @@ spec:
restartPolicy: Never
containers:
- name: test-redis
- image: redis:{{ .Values.redis.image.tag }}
+ image: {{ .Values.redis.image.registry }}/{{ .Values.redis.image.repository }}:{{ .Values.redis.image.tag }}
command: ['sh', '-c']
args:
- |
diff --git a/hosting/k8s/helm/templates/tests/test-minio.yaml b/hosting/k8s/helm/templates/tests/test-s3.yaml
similarity index 55%
rename from hosting/k8s/helm/templates/tests/test-minio.yaml
rename to hosting/k8s/helm/templates/tests/test-s3.yaml
index 605d35690e..a4cfeafedf 100644
--- a/hosting/k8s/helm/templates/tests/test-minio.yaml
+++ b/hosting/k8s/helm/templates/tests/test-s3.yaml
@@ -1,8 +1,8 @@
-{{- if .Values.minio.enabled }}
+{{- if .Values.s3.deploy }}
apiVersion: v1
kind: Pod
metadata:
- name: "{{ include "trigger-v4.fullname" . }}-test-minio"
+ name: "{{ include "trigger-v4.fullname" . }}-test-s3"
labels:
{{- include "trigger-v4.labels" . | nindent 4 }}
annotations:
@@ -10,12 +10,12 @@ metadata:
spec:
restartPolicy: Never
containers:
- - name: test-minio
+ - name: test-s3
image: curlimages/curl:8.14.1
command: ['sh', '-c']
args:
- |
- echo "Testing MinIO health endpoint..."
- curl -f http://{{ include "trigger-v4.fullname" . }}-minio:{{ .Values.minio.service.ports.api }}/minio/health/live
- echo "MinIO test completed successfully"
+ echo "Testing S3 (MinIO) health endpoint..."
+ curl -f http://{{ include "trigger-v4.fullname" . }}-minio:9000/minio/health/live
+ echo "S3 test completed successfully"
{{- end }}
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/tests/test-supervisor.yaml b/hosting/k8s/helm/templates/tests/test-supervisor.yaml
index 71ab36d904..7ebc49b73d 100644
--- a/hosting/k8s/helm/templates/tests/test-supervisor.yaml
+++ b/hosting/k8s/helm/templates/tests/test-supervisor.yaml
@@ -1,4 +1,4 @@
-{{- if .Values.supervisor.enabled }}
+{{- if .Values.supervisor.deploy }}
apiVersion: v1
kind: Pod
metadata:
diff --git a/hosting/k8s/helm/templates/validate-external-config.yaml b/hosting/k8s/helm/templates/validate-external-config.yaml
new file mode 100644
index 0000000000..c3bd1e0756
--- /dev/null
+++ b/hosting/k8s/helm/templates/validate-external-config.yaml
@@ -0,0 +1,56 @@
+{{/*
+Validation template to ensure external service configurations are provided when deploy: false
+This template will fail the Helm deployment if external config is missing for required services
+*/}}
+{{- if not .Values.postgres.deploy }}
+{{- if or (not .Values.postgres.external.host) (not .Values.postgres.external.database) (not .Values.postgres.external.username) }}
+{{- fail "PostgreSQL external configuration is required when postgres.deploy=false. Please provide postgres.external.host, postgres.external.database, and postgres.external.username" }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.redis.deploy }}
+{{- if not .Values.redis.external.host }}
+{{- fail "Redis external configuration is required when redis.deploy=false. Please provide redis.external.host" }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.clickhouse.deploy }}
+{{- if or (not .Values.clickhouse.external.host) (not .Values.clickhouse.external.username) }}
+{{- fail "ClickHouse external configuration is required when clickhouse.deploy=false. Please provide clickhouse.external.host and clickhouse.external.username" }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.s3.deploy }}
+{{- if or (not .Values.s3.external.endpoint) (not .Values.s3.external.accessKeyId) }}
+{{- fail "S3 external configuration is required when s3.deploy=false. Please provide s3.external.endpoint and s3.external.accessKeyId" }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.electric.deploy }}
+{{- if not .Values.electric.external.url }}
+{{- fail "Electric external configuration is required when electric.deploy=false. Please provide electric.external.url" }}
+{{- end }}
+{{- end }}
+
+{{- if not .Values.registry.deploy }}
+{{- if or (not .Values.registry.external.host) (not .Values.registry.external.port) }}
+{{- fail "Registry external configuration is required when registry.deploy=false. Please provide registry.external.host and registry.external.port" }}
+{{- end }}
+{{- end }}
+
+{{/*
+This template produces no output but will fail the deployment if validation fails
+*/}}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: {{ include "trigger-v4.fullname" . }}-external-config-validation
+ labels:
+ {{- include "trigger-v4.labels" . | nindent 4 }}
+ annotations:
+ helm.sh/hook: pre-install,pre-upgrade
+ helm.sh/hook-weight: "-10"
+ helm.sh/hook-delete-policy: before-hook-creation
+data:
+ validation: "completed"
\ No newline at end of file
diff --git a/hosting/k8s/helm/templates/webapp.yaml b/hosting/k8s/helm/templates/webapp.yaml
index dbcfadea46..e1ded645fe 100644
--- a/hosting/k8s/helm/templates/webapp.yaml
+++ b/hosting/k8s/helm/templates/webapp.yaml
@@ -49,22 +49,39 @@ spec:
- name: http
containerPort: {{ .Values.webapp.service.targetPort }}
protocol: TCP
+ {{- if .Values.webapp.livenessProbe.enabled }}
livenessProbe:
httpGet:
path: /healthcheck
port: http
- initialDelaySeconds: 10
- periodSeconds: 30
- timeoutSeconds: 10
- failureThreshold: 5
+ initialDelaySeconds: {{ .Values.webapp.livenessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.webapp.livenessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.webapp.livenessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.webapp.livenessProbe.failureThreshold }}
+ successThreshold: {{ .Values.webapp.livenessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.webapp.readinessProbe.enabled }}
readinessProbe:
httpGet:
path: /healthcheck
port: http
- initialDelaySeconds: 10
- periodSeconds: 30
- timeoutSeconds: 10
- failureThreshold: 5
+ initialDelaySeconds: {{ .Values.webapp.readinessProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.webapp.readinessProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.webapp.readinessProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.webapp.readinessProbe.failureThreshold }}
+ successThreshold: {{ .Values.webapp.readinessProbe.successThreshold }}
+ {{- end }}
+ {{- if .Values.webapp.startupProbe.enabled }}
+ startupProbe:
+ httpGet:
+ path: /healthcheck
+ port: http
+ initialDelaySeconds: {{ .Values.webapp.startupProbe.initialDelaySeconds }}
+ periodSeconds: {{ .Values.webapp.startupProbe.periodSeconds }}
+ timeoutSeconds: {{ .Values.webapp.startupProbe.timeoutSeconds }}
+ failureThreshold: {{ .Values.webapp.startupProbe.failureThreshold }}
+ successThreshold: {{ .Values.webapp.startupProbe.successThreshold }}
+ {{- end }}
resources:
{{- toYaml .Values.webapp.resources | nindent 12 }}
env:
@@ -97,9 +114,11 @@ spec:
- name: DEPLOY_REGISTRY_NAMESPACE
value: {{ .Values.registry.repositoryNamespace | quote }}
- name: OBJECT_STORE_BASE_URL
- value: {{ include "trigger-v4.minio.url" . | quote }}
+ value: {{ include "trigger-v4.s3.url" . | quote }}
- name: GRACEFUL_SHUTDOWN_TIMEOUT
value: {{ .Values.webapp.gracefulShutdownTimeout | quote }}
+ - name: TRIGGER_CLI_TAG
+ value: "v4-beta"
{{- if .Values.webapp.bootstrap.enabled }}
- name: TRIGGER_BOOTSTRAP_ENABLED
value: "1"
@@ -198,25 +217,21 @@ spec:
- name: INTERNAL_OTEL_METRIC_EXPORTER_INTERVAL_MS
value: {{ .Values.webapp.observability.metrics.exporterIntervalMs | quote }}
{{- end }}
- {{- if .Values.webapp.clickhouse.enabled }}
- name: CLICKHOUSE_URL
- value: {{ if .Values.clickhouse.external }}{{ .Values.clickhouse.externalConnection.httpUrl | quote }}{{ else }}"http://{{ .Values.clickhouse.auth.adminUser }}:{{ .Values.clickhouse.auth.adminPassword }}@{{ include "trigger-v4.fullname" . }}-clickhouse:{{ .Values.clickhouse.service.ports.http }}"{{ end }}
+ value: {{ include "trigger-v4.clickhouse.url" . | quote }}
- name: CLICKHOUSE_LOG_LEVEL
value: {{ .Values.webapp.clickhouse.logLevel | quote }}
- {{- end }}
- {{- if .Values.webapp.runReplication.enabled }}
- name: RUN_REPLICATION_ENABLED
value: "1"
- name: RUN_REPLICATION_CLICKHOUSE_URL
- value: {{ if .Values.clickhouse.external }}{{ .Values.clickhouse.externalConnection.httpUrl | quote }}{{ else }}"http://{{ .Values.clickhouse.auth.adminUser }}:{{ .Values.clickhouse.auth.adminPassword }}@{{ include "trigger-v4.fullname" . }}-clickhouse:{{ .Values.clickhouse.service.ports.http }}"{{ end }}
+ value: {{ include "trigger-v4.clickhouse.replication.url" . | quote }}
- name: RUN_REPLICATION_LOG_LEVEL
value: {{ .Values.webapp.runReplication.logLevel | quote }}
- {{- end }}
{{- if not .Values.telemetry.enabled }}
- name: TRIGGER_TELEMETRY_DISABLED
value: "1"
{{- end }}
- {{- with .Values.webapp.extraEnv }}
+ {{- with .Values.webapp.extraEnvVars }}
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
diff --git a/hosting/k8s/helm/values-production-example.yaml b/hosting/k8s/helm/values-production-example.yaml
index fb7cee13d1..7d8132b0d7 100644
--- a/hosting/k8s/helm/values-production-example.yaml
+++ b/hosting/k8s/helm/values-production-example.yaml
@@ -79,6 +79,8 @@ redis:
# Production ClickHouse
clickhouse:
+ # Set to true to enable TLS/secure connections in production
+ secure: true
persistence:
enabled: true
size: 100Gi
@@ -91,11 +93,11 @@ clickhouse:
cpu: 500m
memory: 1Gi
-# Production MinIO (or use external S3)
-minio:
+# Production S3-compatible object storage
+s3:
auth:
rootUser: "admin"
- rootPassword: "your-strong-minio-password"
+ rootPassword: "your-strong-s3-password"
persistence:
enabled: true
size: 500Gi
@@ -123,9 +125,8 @@ supervisor:
memory: 512Mi
# Example: Use external PostgreSQL instead
# postgres:
-# enabled: false
-# external: true
-# externalConnection:
+# deploy: false
+# external:
# host: "your-postgres-host.rds.amazonaws.com"
# port: 5432
# database: "trigger"
@@ -136,9 +137,19 @@ supervisor:
# Example: Use external Redis instead
# redis:
-# enabled: false
-# external: true
-# externalConnection:
+# deploy: false
+# external:
# host: "your-redis-cluster.cache.amazonaws.com"
# port: 6379
# password: "your-redis-password"
+
+# Example: Use external ClickHouse instead
+# clickhouse:
+# deploy: false
+# external:
+# host: "your-clickhouse-host.cloud.provider.com"
+# httpPort: 8443 # Use 8443 for HTTPS
+# nativePort: 9440 # Use 9440 for secure native connections
+# username: "trigger_user"
+# password: "your-clickhouse-password"
+# secure: true # Use true for TLS/secure connections
diff --git a/hosting/k8s/helm/values.yaml b/hosting/k8s/helm/values.yaml
index 61fd2c5f45..1903355126 100644
--- a/hosting/k8s/helm/values.yaml
+++ b/hosting/k8s/helm/values.yaml
@@ -11,7 +11,6 @@ config:
appOrigin: "http://localhost:3040"
loginOrigin: "http://localhost:3040"
apiOrigin: "http://localhost:3040"
- electricOrigin: "http://electric:3000"
# Secrets configuration
# IMPORTANT: The default values below are for TESTING ONLY and should NOT be used in production
@@ -22,7 +21,7 @@ config:
secrets:
# Enable/disable creation of secrets
# Set to false to use external secret management (Vault, Infisical, External Secrets, etc.)
- # When disabled, use extraEnv and podAnnotations for secret injection
+ # When disabled, use extraEnvVars and podAnnotations for secret injection
enabled: true
# Name of existing secret to use instead of creating one
@@ -107,7 +106,7 @@ webapp:
# memory: 1Gi
# Extra environment variables for webapp
- extraEnv:
+ extraEnvVars:
[]
# - name: CUSTOM_VAR
# value: "custom-value"
@@ -125,16 +124,32 @@ webapp:
labels: {}
basicAuth: {}
- # ClickHouse integration (experimental)
- # Usage patterns:
- # 1. Internal ClickHouse: Set clickhouse.enabled=true, clickhouse.external=false, webapp.clickhouse.enabled=true
- # 2. External ClickHouse: Set clickhouse.enabled=true, clickhouse.external=true, configure externalConnection URLs, webapp.clickhouse.enabled=true
- # 3. No ClickHouse: Leave webapp.clickhouse.enabled=false (default)
- clickhouse:
+ # Health probe configuration
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 10
+ failureThreshold: 5
+ successThreshold: 1
+ readinessProbe:
enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 30
+ timeoutSeconds: 10
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+
+ clickhouse:
logLevel: "info" # one of: log, error, warn, info, debug
runReplication:
- enabled: true
logLevel: "info" # one of: log, error, warn, info, debug
# Observability configuration (OTel)
@@ -157,7 +172,6 @@ webapp:
# Supervisor configuration
supervisor:
- enabled: true
image:
registry: ghcr.io
repository: triggerdotdev/supervisor
@@ -225,7 +239,7 @@ supervisor:
create: true
name: ""
# Extra environment variables for Supervisor
- extraEnv:
+ extraEnvVars:
[]
# - name: CUSTOM_VAR
# value: "custom-value"
@@ -238,6 +252,29 @@ supervisor:
labels: {}
basicAuth: {}
+ # Health probe configuration
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 30
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 15
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 3
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+
# Bootstrap configuration
# When enabled: reads token from shared file, otherwise uses workerToken config
bootstrap:
@@ -257,107 +294,64 @@ supervisor:
# PostgreSQL configuration
postgres:
- enabled: true
- external: false
- image:
- registry: docker.io
- repository: postgres
- tag: "14"
- pullPolicy: IfNotPresent
+ deploy: true
+
+ # Bitnami PostgreSQL chart configuration (when deploy: true)
auth:
+ enablePostgresUser: true
postgresPassword: "postgres"
username: "postgres"
password: "postgres"
database: "main"
- connection:
- schema: "public"
- sslMode: "disable" # Use "require" or "verify-full" for production
-
- podAnnotations: {}
-
- # podSecurityContext:
- # fsGroup: 1000
-
- # securityContext:
- # runAsNonRoot: true
- # runAsUser: 1000
primary:
persistence:
enabled: true
size: 10Gi
- service:
- ports:
- postgres: 5432
resources: {}
configuration: |
+ listen_addresses = '*'
wal_level = logical
- # External PostgreSQL connection (when external: true)
- externalConnection:
+
+ # Custom connection settings
+ connection:
+ schema: "public"
+ sslMode: "disable" # Use "require" or "verify-full" for production
+
+ # External PostgreSQL connection (when deploy: false)
+ external:
host: ""
port: 5432
database: ""
username: ""
password: ""
- # Connection options
- schema: "public"
- sslMode: "require" # Options: disable, allow, prefer, require, verify-ca, verify-full
- # Extra environment variables for PostgreSQL
- extraEnv:
- []
- # - name: CUSTOM_VAR
- # value: "custom-value"
- # Extra command line arguments for PostgreSQL
- extraArgs:
- []
- # - "-c"
- # - "log_statement=all"
- # - "-c"
- # - "max_slot_wal_keep_size=1000000000"
# Redis configuration
redis:
- enabled: true
- external: false
- image:
- registry: docker.io
- repository: redis
- tag: "7"
- pullPolicy: IfNotPresent
+ deploy: true
+
+ # Bitnami Redis chart configuration (when deploy: true)
auth:
enabled: false
- podAnnotations: {}
-
- # podSecurityContext:
- # fsGroup: 1000
-
- # securityContext:
- # runAsNonRoot: true
- # runAsUser: 1000
+ # Single-node configuration (disable replica)
+ architecture: standalone
master:
persistence:
enabled: true
size: 5Gi
- service:
- ports:
- redis: 6379
resources: {}
- # External Redis connection (when external: true)
- externalConnection:
+
+ # External Redis connection (when deploy: false)
+ external:
host: ""
port: 6379
password: ""
- # Extra environment variables for Redis
- extraEnv:
- []
- # - name: CUSTOM_VAR
- # value: "custom-value"
# Electric configuration
electric:
- enabled: true
+ deploy: true
image:
registry: docker.io
repository: electricsql/electric
@@ -381,59 +375,78 @@ electric:
port: 3000
targetPort: 3000
resources: {}
+
+ # Health probe configuration
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+
+ # External Electric connection (when deploy: false)
+ external:
+ url: "" # For example: "http://electric:3000"
+
# Extra environment variables for Electric
- extraEnv:
+ extraEnvVars:
[]
# - name: CUSTOM_VAR
# value: "custom-value"
# ClickHouse configuration
clickhouse:
- enabled: true
- external: false
- image:
- registry: docker.io
- repository: bitnami/clickhouse
- tag: "latest"
- pullPolicy: IfNotPresent
- auth:
- adminUser: "default"
- adminPassword: "password"
+ deploy: true
- podAnnotations: {}
+ # TLS/Secure connection configuration
+ secure: false # Set to true to use HTTPS and secure connections
- # podSecurityContext:
- # fsGroup: 1000
+ # Bitnami ClickHouse chart configuration (when deploy: true)
+ auth:
+ username: "default"
+ password: "password"
- # securityContext:
- # runAsNonRoot: true
- # runAsUser: 1000
+ # Single-node configuration (disable clustering for dev/test)
+ keeper:
+ enabled: false
+
+ shards: 1
+ replicaCount: 1
persistence:
enabled: true
size: 10Gi
- service:
- type: ClusterIP
- ports:
- native: 9000
- http: 8123
resources: {}
- # External ClickHouse connection (when external: true)
- externalConnection:
- # HTTP interface URL (port 8123) - used by webapp for replication
- httpUrl: ""
- # Extra environment variables for ClickHouse
- extraEnv:
- []
- # - name: CUSTOM_VAR
- # value: "custom-value"
+
+ # External ClickHouse connection (when deploy: false)
+ external:
+ host: ""
+ httpPort: 8123
+ nativePort: 9000
+ username: ""
+ password: ""
+ secure: false # Set to true for external secure connections
# ClickHouse configuration override
- # You can provide your own override.xml content here
# These defaults are based on official recommendations for systems with <16GB RAM:
# https://clickhouse.com/docs/operations/tips
- config:
- override: |
+ configdFiles:
+ override.xml: |
warning
@@ -451,53 +464,34 @@ clickhouse:
-# MinIO configuration
-minio:
- enabled: true
- external: false # Set to true to use external S3-compatible storage
- image:
- registry: docker.io
- repository: minio/minio
- tag: "latest"
- pullPolicy: IfNotPresent
- # WARNING: This sets the root user and password on first startup and MUST be changed via the dashboard.
- # - Don't forget to update secrets.objectStore if you intend to use the root credentials.
- # - You should instead create a new non-root user and update the secrets.objectStore with the new credentials.
+# S3-compatible object storage configuration
+s3:
+ # Set to false to use external S3-compatible storage
+ # Set to true to deploy internal MinIO (default)
+ deploy: true
+
+ # Bitnami MinIO chart configuration (when deploy: true)
+ # MinIO provides S3-compatible storage when deployed internally
auth:
rootUser: "admin"
rootPassword: "very-safe-password"
- podAnnotations: {}
-
- # podSecurityContext:
- # fsGroup: 1000
-
- # securityContext:
- # runAsNonRoot: true
- # runAsUser: 1000
-
persistence:
enabled: true
size: 10Gi
- service:
- type: ClusterIP
- ports:
- api: 9000
- console: 9001
resources: {}
- # External MinIO/S3 connection (when external: true)
- externalConnection:
- url: "" # e.g., "https://s3.amazonaws.com" or "https://your-minio.com:9000"
- # Extra environment variables for MinIO
- extraEnv:
- []
- # - name: CUSTOM_VAR
- # value: "custom-value"
+
+ # External S3 connection (when deploy: false)
+ external:
+ endpoint: "" # e.g., "https://s3.amazonaws.com" or "https://your-minio.com:9000"
+ accessKeyId: ""
+ secretAccessKey: ""
# Docker Registry configuration
registry:
- enabled: false # EXPERIMENTAL - requires proper TLS setup. Use external: true instead.
- external: true
+ # EXPERIMENTAL - requires TLS setup or additional cluster configuration. Configure `external` details instead.
+ deploy: false
+
repositoryNamespace: "trigger" # Docker repository namespace for deployed images, will be part of the image ref
image:
registry: docker.io
@@ -518,24 +512,73 @@ registry:
# runAsNonRoot: true
# runAsUser: 1000
+ # Persistence configuration (Bitnami-style)
persistence:
enabled: true
+ # Name to assign the volume
+ volumeName: "data"
+ # Name of an existing PVC to use
+ existingClaim: ""
+ # The path the volume will be mounted at
+ mountPath: "/var/lib/registry"
+ # The subdirectory of the volume to mount to
+ subPath: ""
+ # PVC Storage Class for Registry data volume
+ storageClass: ""
+ # PVC Access Mode for Registry volume
+ accessModes:
+ - "ReadWriteOnce"
+ # PVC Storage Request for Registry volume
size: 10Gi
+ # Annotations for the PVC
+ annotations: {}
+ # Labels for the PVC
+ labels: {}
+ # Selector to match an existing Persistent Volume
+ selector: {}
+ # Custom PVC data source
+ dataSource: {}
+
service:
type: ClusterIP
port: 5000
targetPort: 5000
resources: {}
- # External Registry connection (when external: true)
- externalConnection:
+
+ # Health probe configuration
+ livenessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ readinessProbe:
+ enabled: true
+ initialDelaySeconds: 10
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 5
+ successThreshold: 1
+ startupProbe:
+ enabled: false
+ initialDelaySeconds: 0
+ periodSeconds: 10
+ timeoutSeconds: 5
+ failureThreshold: 60
+ successThreshold: 1
+
+ # External Registry connection (when deploy: false)
+ external:
host: "localhost"
port: 5001
auth:
enabled: false
username: ""
password: ""
+
# Extra environment variables for Registry
- extraEnv:
+ extraEnvVars:
[]
# - name: CUSTOM_VAR
# value: "custom-value"