diff --git a/docs/self-hosting/docker.mdx b/docs/self-hosting/docker.mdx
index 56051a192e..ef2c7d6e85 100644
--- a/docs/self-hosting/docker.mdx
+++ b/docs/self-hosting/docker.mdx
@@ -244,6 +244,10 @@ You should change these before deploying to production, especially the password.
 ### Setup
+
+The `packets` bucket is created by default. In case this doesn't work, you can create it manually.
+
+
 1. Login to the dashboard: `http://localhost:9001`
 2. Create a bucket named `packets`.
diff --git a/docs/upgrade-to-v4.mdx b/docs/upgrade-to-v4.mdx
index 03a8ba6b1a..bb2f5fff92 100644
--- a/docs/upgrade-to-v4.mdx
+++ b/docs/upgrade-to-v4.mdx
@@ -761,7 +761,7 @@ You can also now control whether concurrency is released when performing a wait:
 ```ts
 // This will prevent the run from being released back into the queue when the wait starts
-await wait.for({ seconds: 10 }, { releaseConcurrency: false });
+await wait.for({ seconds: 10, releaseConcurrency: false });
 ```
 The new default behavior allows you to ensure that you can control the number of executing & waiting runs on a queue, and guarantee runs will resume once they are meant to be resumed.
diff --git a/hosting/docker/webapp/docker-compose.yml b/hosting/docker/webapp/docker-compose.yml
index dc0960db0c..cb9011a0f4 100644
--- a/hosting/docker/webapp/docker-compose.yml
+++ b/hosting/docker/webapp/docker-compose.yml
@@ -181,7 +181,7 @@ services:
 start_period: 10s
 minio:
- image: minio/minio:${MINIO_IMAGE_TAG:-latest}
+ image: bitnami/minio:${MINIO_IMAGE_TAG:-latest}
 restart: ${RESTART_POLICY:-unless-stopped}
 logging: *logging-config
 ports:
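Review bot: The new `image:` line of the `minio` service keeps `latest` as the fallback tag, so an unset `MINIO_IMAGE_TAG` pulls whatever the registry serves at deploy time, and it now does so from a different publisher than before. The same commit moves the data path to `/bitnami/minio/data` and drops the explicit `command:`, so the stack depends on that image's entrypoint and directory layout staying as they are today. Default to a tested tag or digest instead, e.g. `image: bitnami/minio:${MINIO_IMAGE_TAG:-<PINNED_TAG>}` (placeholder; the page does not name a version).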
@@ -190,11 +190,12 @@ services:
 networks:
 - webapp
 volumes:
- - minio:/data
+ - minio:/bitnami/minio/data
 environment:
 MINIO_ROOT_USER: ${MINIO_ROOT_USER:-admin}
 MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:-very-safe-password}
- command: server --console-address ":9001" /data
+ MINIO_DEFAULT_BUCKETS: packets
+ MINIO_BROWSER: "on"
 healthcheck:
 test: ["CMD", "curl", "-f", "http://localhost:9000/minio/health/live"]
 interval: 5s
diff --git a/hosting/k8s/helm/Chart.yaml b/hosting/k8s/helm/Chart.yaml
index 22cfa364e0..eda7b786bf 100644
--- a/hosting/k8s/helm/Chart.yaml
+++ b/hosting/k8s/helm/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: trigger
 description: The official Trigger.dev Helm chart
 type: application
-version: 4.0.0-beta.7
-appVersion: trigger-helm-rc.0
+version: 4.0.0-beta.10
+appVersion: trigger-helm-rc.1
 home: https://trigger.dev
 sources:
 - https://github.com/triggerdotdev/trigger.dev
diff --git a/hosting/k8s/helm/templates/supervisor.yaml b/hosting/k8s/helm/templates/supervisor.yaml
index 4f24d7d97a..7bff5c06c8 100644
--- a/hosting/k8s/helm/templates/supervisor.yaml
+++ b/hosting/k8s/helm/templates/supervisor.yaml
@@ -74,6 +74,7 @@ spec:
 {{- with .Values.supervisor.podSecurityContext }}
 {{- toYaml . | nindent 8 }}
 {{- end }}
+ {{- if not .Values.webapp.bootstrap.enabled }}
 initContainers:
 - name: init-shared
 image: busybox:1.35
@@ -83,6 +84,7 @@ spec:
 volumeMounts:
 - name: shared
 mountPath: /home/node/shared
+ {{- end }}
 containers:
 - name: supervisor
 image: {{ include "trigger-v4.supervisor.image" . }}
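Review bot: With `MINIO_DEFAULT_BUCKETS` and `MINIO_BROWSER: "on"` added, the `minio` service comes up fully usable on the fallback credentials in the two context lines above them, `admin` / `very-safe-password`, which are published in the repository. Compose can refuse to start instead of falling back: `MINIO_ROOT_PASSWORD: ${MINIO_ROOT_PASSWORD:?set MINIO_ROOT_PASSWORD}`. The `s3` block in `values.yaml` later in this diff carries the same literal as `rootPassword`. The unchanged healthcheck runs `curl` inside the container, so it is worth confirming that the new image ships it.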
@@ -134,8 +136,11 @@ spec:
 - name: TRIGGER_API_URL
 value: "http://{{ include "trigger-v4.fullname" . }}-webapp:{{ .Values.webapp.service.port }}"
 - name: TRIGGER_WORKER_TOKEN
- {{- if .Values.supervisor.bootstrap.enabled }}
- value: "file://{{ .Values.supervisor.bootstrap.workerTokenPath }}"
+ {{- if .Values.webapp.bootstrap.enabled }}
+ valueFrom:
+ secretKeyRef:
+ name: {{ include "trigger-v4.fullname" . }}-worker-token
+ key: token
 {{- else if .Values.supervisor.bootstrap.workerToken.secret.name }}
 valueFrom:
 secretKeyRef:
@@ -234,13 +239,16 @@ spec:
 {{- with .Values.supervisor.extraEnvVars }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
+ {{- if not .Values.webapp.bootstrap.enabled }}
 volumeMounts:
 - name: shared
 mountPath: /home/node/shared
+ {{- end }}
 {{- with .Values.supervisor.securityContext }}
 securityContext:
 {{- toYaml . | nindent 12 }}
 {{- end }}
+ {{- if not .Values.webapp.bootstrap.enabled }}
 volumes:
 - name: shared
 {{- if .Values.persistence.shared.enabled }}
@@ -249,6 +257,7 @@ spec:
 {{- else }}
 emptyDir: {}
 {{- end }}
+ {{- end }}
 {{- with .Values.supervisor.nodeSelector }}
 nodeSelector:
 {{- toYaml . | nindent 8 }}
diff --git a/hosting/k8s/helm/templates/webapp.yaml b/hosting/k8s/helm/templates/webapp.yaml
index e1ded645fe..d1cd06508f 100644
--- a/hosting/k8s/helm/templates/webapp.yaml
+++ b/hosting/k8s/helm/templates/webapp.yaml
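Review bot: The `secretKeyRef` added for `TRIGGER_WORKER_TOKEN` points at `<fullname>-worker-token`, a Secret that no template in this diff renders; it appears to be written at runtime by the `token-syncer` container added in webapp.yaml. The supervisor container therefore cannot start until the first sync has happened, and the Secret is presumably not tracked by the release, so it may survive `helm uninstall` and leave a stale token behind. A comment above the branch would make the dependency explicit, e.g. `{{- /* Secret is created at runtime by the webapp token-syncer sidecar, not by this chart */}}`. The condition also moved from `.Values.supervisor.bootstrap.enabled` to `.Values.webapp.bootstrap.enabled`, so values files that set only the former now fall through to the `else if` branch, the rest of which lies outside the hunk.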
@@ -1,3 +1,39 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: {{ include "trigger-v4.fullname" . }}-webapp
+ labels:
+ {{- $component := "webapp" }}
+ {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: {{ include "trigger-v4.fullname" . }}-webapp-token-syncer
+ labels:
+ {{- $component := "webapp" }}
+ {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
+rules:
+ - apiGroups: [""]
+ resources: ["secrets"]
+ verbs: ["create", "get", "update", "patch"]
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: {{ include "trigger-v4.fullname" . }}-webapp-token-syncer
+ labels:
+ {{- $component := "webapp" }}
+ {{- include "trigger-v4.componentLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 4 }}
+subjects:
+ - kind: ServiceAccount
+ name: {{ include "trigger-v4.fullname" . }}-webapp
+ namespace: {{ .Release.Namespace }}
+roleRef:
+ kind: Role
+ name: {{ include "trigger-v4.fullname" . }}-webapp-token-syncer
+ apiGroup: rbac.authorization.k8s.io
+---
 apiVersion: apps/v1
 kind: Deployment
 metadata:
@@ -19,6 +55,7 @@ spec:
 labels:
 {{- include "trigger-v4.componentSelectorLabels" (dict "Chart" .Chart "Release" .Release "Values" .Values "component" $component) | nindent 8 }}
 spec:
+ serviceAccountName: {{ include "trigger-v4.fullname" . }}-webapp
 {{- with .Values.global.imagePullSecrets }}
 imagePullSecrets:
 {{- toYaml . | nindent 8 }}
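Review bot: The Role's single rule grants `get`, `update` and `patch` on every Secret in the release namespace, while the sidecar that uses it only ever writes `<fullname>-worker-token`. Because the second hunk sets `serviceAccountName` on the whole pod, the webapp container receives the same service-account token and could read any Secret in the namespace if it were compromised. `create` cannot be limited by `resourceNames`, so the rule needs to be split in two as shown below. The ServiceAccount, Role and RoleBinding are also rendered unconditionally; gating them on `.Values.webapp.bootstrap.enabled` would keep them out of installs that do not use the syncer.

```yaml
rules:
  # create cannot be restricted by resourceNames, so it gets its own rule
  - apiGroups: [""]
    resources: ["secrets"]
    verbs: ["create"]
  - apiGroups: [""]
    resources: ["secrets"]
    resourceNames:
      - {{ include "trigger-v4.fullname" . }}-worker-token
    verbs: ["get", "update", "patch"]
```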
@@ -38,6 +75,55 @@ spec:
 - name: shared
 mountPath: /home/node/shared
 containers:
+ - name: token-syncer
+ image: bitnami/kubectl:1.28
+ securityContext:
+ runAsUser: 1000
+ runAsNonRoot: true
+ command:
+ - /bin/bash
+ - -c
+ - |
+ TOKEN_FILE="/home/node/shared/worker_token"
+ SECRET_NAME="{{ include "trigger-v4.fullname" . }}-worker-token"
+ NAMESPACE="{{ .Release.Namespace }}"
+
+ echo "Token syncer starting..."
+ echo "Monitoring: $TOKEN_FILE"
+ echo "Target secret: $SECRET_NAME"
+
+ while true; do
+ if [ -f "$TOKEN_FILE" ]; then
+ TOKEN=$(cat "$TOKEN_FILE")
+ if [ ! -z "$TOKEN" ]; then
+ echo "Token file found, creating/updating secret..."
+
+ # Create or update the secret
+ kubectl create secret generic "$SECRET_NAME" \
+ --from-literal=token="$TOKEN" \
+ --namespace="$NAMESPACE" \
+ --dry-run=client -o yaml | kubectl apply -f -
+
+ if [ $? -eq 0 ]; then
+ echo "Secret successfully created/updated"
+ # Continue monitoring for updates
+ sleep 30
+ else
+ echo "Failed to create/update secret, retrying in 5s..."
+ sleep 5
+ fi
+ else
+ echo "Token file exists but is empty, waiting..."
+ sleep 2
+ fi
+ else
+ echo "Waiting for token file..."
+ sleep 2
+ fi
+ done
+ volumeMounts:
+ - name: shared
+ mountPath: /home/node/shared
 - name: webapp
 securityContext:
 {{- toYaml .Values.webapp.securityContext | nindent 12 }}
diff --git a/hosting/k8s/helm/values.yaml b/hosting/k8s/helm/values.yaml
index 1903355126..d44b83cd7e 100644
--- a/hosting/k8s/helm/values.yaml
+++ b/hosting/k8s/helm/values.yaml
@@ -476,6 +476,9 @@ s3:
 rootUser: "admin"
 rootPassword: "very-safe-password"
+ # The required "packets" bucket is created by default.
+ defaultBuckets: "packets"
+
 persistence:
 enabled: true
 size: 10Gi
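Review bot: `--from-literal=token="$TOKEN"` in the `token-syncer` script places the worker token in kubectl's argument list, where it is readable from the process table for as long as the command runs. Reading it from the file avoids that: `--from-file=token="$TOKEN_FILE" \` (this keeps a trailing newline that `$(cat …)` strips, so check how the supervisor parses the value). The container's `securityContext` sets only `runAsUser` and `runAsNonRoot`; adding `allowPrivilegeEscalation: false` and `capabilities: { drop: ["ALL"] }` would match the usual baseline for a sidecar that holds a service-account token. The image `bitnami/kubectl:1.28` is hard-coded rather than taken from values, and the sidecar is not gated on `.Values.webapp.bootstrap.enabled`, unlike the supervisor side of this change.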