Bitnami/charts
2
0
Fork 0
mirror of https://github.com/bitnami/charts.git synced 2026-03-05 14:57:31 +08:00
Code Issues Packages Projects Releases Wiki Activity

[bitnami/appsmith] fix: 🐛 🔒 Add ambassador container to appsmith-backend to contact appsmith-rts (#25042)

Browse Source 
* [bitnami/appsmith] fix: 🐛 🔒 Expose client https port

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Add nginx symlinks

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* fix: 🐛 Add missing rts redirect sidecar to connect backend with sidecar

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* docs: 💡 Improve comment in values.yaml

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* chore: ♻️ Rename sidecar to ambassador

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

* Update README.md with readme-generator-for-helm

Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>

* fix: 🐛 Remove unnecessary `extraVolumeMount:`

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>

---------

Signed-off-by: Javier Salmeron Garcia <jsalmeron@vmware.com>
Signed-off-by: Bitnami Containers <bitnami-bot@vmware.com>
Co-authored-by: Bitnami Containers <bitnami-bot@vmware.com>
This commit is contained in:
Javier J. Salmerón-García
2024-04-10 12:12:19 +02:00
committed by GitHub
parent cdfef45c27
commit babac233c1
9 changed files with 384 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
bitnami/appsmith/Chart.lock
View File

@@ -1,12 +1,12 @@
dependencies:
- name: redis
repository: oci://registry-1.docker.io/bitnamicharts
version: 19.0.1
version: 19.1.0
- name: mongodb
repository: oci://registry-1.docker.io/bitnamicharts
version: 15.1.0
version: 15.1.3
- name: common
repository: oci://registry-1.docker.io/bitnamicharts
version: 2.19.0
digest: sha256:935a323f65f51e023087cca087b9d32d5ed6551e8924c9866762e39b2e366150
generated: "2024-03-22T10:48:54.217011764+01:00"
version: 2.19.1
digest: sha256:17255abf0d2b19daf97e56f5d4a8f0f97337b1486b78224ecf742999b9ccf2a5
generated: "2024-04-08T15:38:39.58843734+02:00"

2
bitnami/appsmith/Chart.yaml
View File

@@ -37,4 +37,4 @@ maintainers:
name: appsmith
sources:
- https://github.com/bitnami/charts/tree/main/bitnami/appsmith
version: 3.0.0
version: 3.1.0

54
bitnami/appsmith/README.md
View File

@@ -240,6 +240,7 @@ The [Bitnami appsmith](https://github.com/bitnami/containers/tree/main/bitnami/a
| ---------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------- |
| `client.replicaCount` | Number of Appsmith client replicas to deploy | `1` |
| `client.containerPorts.http` | Appsmith client HTTP container port | `8080` |
| `client.containerPorts.https` | Appsmith client HTTPS container port | `8443` |
| `client.livenessProbe.enabled` | Enable livenessProbe on Appsmith client containers | `true` |
| `client.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `client.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
@@ -362,7 +363,7 @@ The [Bitnami appsmith](https://github.com/bitnami/containers/tree/main/bitnami/a
| `backend.existingSecretPasswordKey` | Key inside the existing secret containing the admin password | `admin-password` |
| `backend.existingSecretEncryptionSaltKey` | Key inside the existing secret containing the encryption salt | `encryption-salt` |
| `backend.existingSecretEncryptionPasswordKey` | Key inside the existing secret containing the encryption password | `encryption-password` |
| `backend.containerPorts.http` | Appsmith backend HTTP container port | `8080` |
| `backend.containerPorts.http` | Appsmith backend HTTP container port | `8083` |
| `backend.livenessProbe.enabled` | Enable livenessProbe on Appsmith backend containers | `true` |
| `backend.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `backend.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
@@ -429,6 +430,57 @@ The [Bitnami appsmith](https://github.com/bitnami/containers/tree/main/bitnami/a
| `backend.sidecars` | Add additional sidecar containers to the Appsmith backend pod(s) | `[]` |
| `backend.initContainers` | Add additional init containers to the Appsmith backend pod(s) | `[]` |
### HAProxy Parameters
| Name | Description | Value |
| ------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------- |
| `backend.redirectAmbassador.image.registry` | HAProxy image registry | `REGISTRY_NAME` |
| `backend.redirectAmbassador.image.repository` | HAProxy image repository | `REPOSITORY_NAME/haproxy` |
| `backend.redirectAmbassador.image.digest` | HAProxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag | `""` |
| `backend.redirectAmbassador.image.pullPolicy` | HAProxy image pull policy | `IfNotPresent` |
| `backend.redirectAmbassador.image.pullSecrets` | HAProxy image pull secrets | `[]` |
| `backend.redirectAmbassador.containerSecurityContext.enabled` | Enabled Appsmith backend redirect sidecar containers' Security Context | `true` |
| `backend.redirectAmbassador.containerSecurityContext.seLinuxOptions` | Set SELinux options in container | `{}` |
| `backend.redirectAmbassador.containerSecurityContext.runAsUser` | Set containers' Security Context runAsUser | `1001` |
| `backend.redirectAmbassador.containerSecurityContext.runAsGroup` | Set containers' Security Context runAsGroup | `1001` |
| `backend.redirectAmbassador.containerSecurityContext.runAsNonRoot` | Set Appsmith backend redirect sidecar containers' Security Context runAsNonRoot | `true` |
| `backend.redirectAmbassador.containerSecurityContext.readOnlyRootFilesystem` | Set Appsmith backend redirect sidecar containers' Security Context runAsNonRoot | `true` |
| `backend.redirectAmbassador.containerSecurityContext.privileged` | Set backend container's Security Context privileged | `false` |
| `backend.redirectAmbassador.containerSecurityContext.allowPrivilegeEscalation` | Set backend container's Security Context allowPrivilegeEscalation | `false` |
| `backend.redirectAmbassador.containerSecurityContext.capabilities.drop` | List of capabilities to be dropped | `["ALL"]` |
| `backend.redirectAmbassador.containerSecurityContext.seccompProfile.type` | Set container's Security Context seccomp profile | `RuntimeDefault` |
| `backend.redirectAmbassador.command` | Override default container command (useful when using custom images) | `[]` |
| `backend.redirectAmbassador.args` | Override default container args (useful when using custom images) | `[]` |
| `backend.redirectAmbassador.lifecycleHooks` | for the Appsmith backend redirect sidecar container(s) to automate configuration before or after startup | `{}` |
| `backend.redirectAmbassador.extraEnvVars` | Array with extra environment variables to add to Appsmith backend redirect sidecar nodes | `[]` |
| `backend.redirectAmbassador.extraEnvVarsCM` | Name of existing ConfigMap containing extra env vars for Appsmith backend redirect sidecar nodes | `""` |
| `backend.redirectAmbassador.extraEnvVarsSecret` | Name of existing Secret containing extra env vars for Appsmith backend redirect sidecar nodes | `""` |
| `backend.redirectAmbassador.extraVolumeMounts` | Optionally specify extra list of additional volumeMounts for the Appsmith backend redirect sidecar container(s) | `[]` |
| `backend.redirectAmbassador.containerPorts.http` | Appsmith backend redirect sidecar HTTP container port | `8080` |
| `backend.redirectAmbassador.livenessProbe.enabled` | Enable livenessProbe on Appsmith backend redirect sidecar containers | `true` |
| `backend.redirectAmbassador.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` |
| `backend.redirectAmbassador.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` |
| `backend.redirectAmbassador.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `5` |
| `backend.redirectAmbassador.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `6` |
| `backend.redirectAmbassador.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` |
| `backend.redirectAmbassador.readinessProbe.enabled` | Enable readinessProbe on Appsmith backend redirect sidecar containers | `true` |
| `backend.redirectAmbassador.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `30` |
| `backend.redirectAmbassador.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` |
| `backend.redirectAmbassador.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `5` |
| `backend.redirectAmbassador.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `6` |
| `backend.redirectAmbassador.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` |
| `backend.redirectAmbassador.startupProbe.enabled` | Enable startupProbe on Appsmith backend redirect sidecar containers | `false` |
| `backend.redirectAmbassador.startupProbe.initialDelaySeconds` | Initial delay seconds for startupProbe | `30` |
| `backend.redirectAmbassador.startupProbe.periodSeconds` | Period seconds for startupProbe | `10` |
| `backend.redirectAmbassador.startupProbe.timeoutSeconds` | Timeout seconds for startupProbe | `5` |
| `backend.redirectAmbassador.startupProbe.failureThreshold` | Failure threshold for startupProbe | `6` |
| `backend.redirectAmbassador.startupProbe.successThreshold` | Success threshold for startupProbe | `1` |
| `backend.redirectAmbassador.customLivenessProbe` | Custom livenessProbe that overrides the default one | `{}` |
| `backend.redirectAmbassador.customReadinessProbe` | Custom readinessProbe that overrides the default one | `{}` |
| `backend.redirectAmbassador.customStartupProbe` | Custom startupProbe that overrides the default one | `{}` |
| `backend.redirectAmbassador.resourcesPreset` | Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if backend.resources is set (backend.resources is recommended for production). | `nano` |
| `backend.redirectAmbassador.resources` | Set container requests and limits for different resources like CPU or memory (essential for production workloads) | `{}` |
### Appsmith Backend Network Policies
| Name | Description | Value |

16
bitnami/appsmith/templates/_helpers.tpl
View File

@@ -10,6 +10,13 @@ Return the proper Appsmith image name
{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Appsmith image name
*/}}
{{- define "appsmith.redirect.image" -}}
{{ include "common.images.image" (dict "imageRoot" .Values.backend.redirectAmbassador.image "global" .Values.global) }}
{{- end -}}
{{/*
Return the proper Appsmith backend fullname
*/}}
@@ -17,6 +24,13 @@ Return the proper Appsmith backend fullname
{{- printf "%s-%s" (include "common.names.fullname" .) "backend" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper Appsmith backend fullname
*/}}
{{- define "appsmith.redirect.fullname" -}}
{{- printf "%s-%s" (include "appsmith.backend.fullname" .) "redirect" | trunc 63 | trimSuffix "-" -}}
{{- end -}}
{{/*
Return the proper Appsmith rts fullname
*/}}
@@ -35,7 +49,7 @@ Return the proper image name (for the init container volume-permissions image)
Return the proper Docker Image Registry Secret Names
*/}}
{{- define "appsmith.imagePullSecrets" -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image .Values.backend.redirectAmbassador.image) "global" .Values.global) -}}
{{- end -}}
{{/*

83
bitnami/appsmith/templates/backend/deployment.yaml
View File

@@ -269,15 +269,94 @@ spec:
{{- if .Values.backend.persistence.subPath }}
subPath: {{ .Values.backend.persistence.subPath }}
{{- end }}
{{- if .Values.backend.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.backend.extraVolumeMounts "context" $) | nindent 12 }}
{{- if .Values.backend.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.backend.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
- name: rts-redirect
image: {{ template "appsmith.redirect.image" . }}
imagePullPolicy: {{ .Values.backend.redirectAmbassador.image.pullPolicy }}
{{- if .Values.backend.redirectAmbassador.containerSecurityContext.enabled }}
securityContext: {{- include "common.compatibility.renderSecurityContext" (dict "secContext" .Values.backend.redirectAmbassador.containerSecurityContext "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.command "context" $) | nindent 12 }}
{{- else if .Values.backend.redirectAmbassador.command }}
command: {{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.command "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.diagnosticMode.enabled }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.diagnosticMode.args "context" $) | nindent 12 }}
{{- else if .Values.backend.redirectAmbassador.args }}
args: {{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.args "context" $) | nindent 12 }}
{{- end }}
env:
{{- if .Values.backend.redirectAmbassador.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
envFrom:
{{- if .Values.backend.redirectAmbassador.extraEnvVarsCM }}
- configMapRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.extraEnvVarsCM "context" $) }}
{{- end }}
{{- if .Values.backend.redirectAmbassador.extraEnvVarsSecret }}
- secretRef:
name: {{ include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.extraEnvVarsSecret "context" $) }}
{{- end }}
{{- if .Values.backend.redirectAmbassador.resources }}
resources: {{- toYaml .Values.backend.redirectAmbassador.resources | nindent 12 }}
{{- else if ne .Values.backend.redirectAmbassador.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.backend.redirectAmbassador.resourcesPreset) | nindent 12 }}
{{- end }}
ports:
# This port needs to be hardcoded because of Appsmith code
# https://github.com/appsmithorg/appsmith/blob/021b4177eac01a445cacf8bfb4688de449366701/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/CommonConfig.java#L136
- name: http-redirect
containerPort: 8080
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.backend.redirectAmbassador.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.customLivenessProbe "context" $) | nindent 12 }}
{{- else if .Values.backend.redirectAmbassador.livenessProbe.enabled }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.backend.redirectAmbassador.livenessProbe "enabled") "context" $) | nindent 12 }}
tcpSocket:
port: http-redirect
{{- end }}
{{- if .Values.backend.redirectAmbassador.customReadinessProbe }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.customReadinessProbe "context" $) | nindent 12 }}
{{- else if .Values.backend.redirectAmbassador.readinessProbe.enabled }}
readinessProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.backend.redirectAmbassador.readinessProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /rts-api/v1/health-check
port: http-redirect
{{- end }}
{{- if .Values.backend.redirectAmbassador.customStartupProbe }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.customStartupProbe "context" $) | nindent 12 }}
{{- else if .Values.backend.redirectAmbassador.startupProbe.enabled }}
startupProbe: {{- include "common.tplvalues.render" (dict "value" (omit .Values.backend.redirectAmbassador.startupProbe "enabled") "context" $) | nindent 12 }}
httpGet:
path: /rts-api/v1/health-check
port: http-redirect
{{- end }}
{{- end }}
{{- if .Values.backend.redirectAmbassador.lifecycleHooks }}
lifecycle: {{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.lifecycleHooks "context" $) | nindent 12 }}
{{- end }}
volumeMounts:
- name: haproxy-conf
mountPath: /bitnami/haproxy/conf
- name: empty-dir
mountPath: /tmp
subPath: tmp-dir
{{- if .Values.backend.redirectAmbassador.extraVolumeMounts }}
{{- include "common.tplvalues.render" (dict "value" .Values.backend.redirectAmbassador.extraVolumeMounts "context" $) | nindent 12 }}
{{- end }}
{{- if .Values.backend.sidecars }}
{{- include "common.tplvalues.render" ( dict "value" .Values.backend.sidecars "context" $) | nindent 8 }}
{{- end }}
volumes:
- name: empty-dir
emptyDir: {}
- name: haproxy-conf
configMap:
name: {{ include "appsmith.redirect.fullname" . }}
- name: data
{{- if .Values.backend.persistence.enabled }}
persistentVolumeClaim:

32
bitnami/appsmith/templates/backend/redirect-configmap.yaml Normal file
View File

@@ -0,0 +1,32 @@
{{- /*
Copyright VMware, Inc.
SPDX-License-Identifier: APACHE-2.0
*/}}
apiVersion: v1
kind: ConfigMap
metadata:
name: {{ include "appsmith.redirect.fullname" . }}
namespace: {{ include "common.names.namespace" . | quote }}
labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
app.kubernetes.io/component: backend
{{- if .Values.commonAnnotations }}
annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
{{- end }}
data:
haproxy.cfg: |
global
log stdout format raw local0
maxconn 1024
defaults
log global
timeout client 60s
timeout connect 60s
timeout server 60s
frontend fe_main
{{- /* This port is hardcoded because of Appsmith code */}}
{{- /* https://github.com/appsmithorg/appsmith/blob/021b4177eac01a445cacf8bfb4688de449366701/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/CommonConfig.java#L136 */}}
bind :8080
default_backend be_main
backend be_main
server rts {{ include "appsmith.rts.fullname" .}}:{{ .Values.rts.service.ports.http }} check

2
bitnami/appsmith/templates/backend/service.yaml
View File

@@ -34,6 +34,8 @@ spec:
{{- if and (eq .Values.backend.service.type "LoadBalancer") (not (empty .Values.backend.service.loadBalancerIP)) }}
loadBalancerIP: {{ .Values.backend.service.loadBalancerIP }}
{{- end }}
# We need this service to be published to avoid a deadlock backend <-> rts (there is a mutual dependency)
publishNotReadyAddresses: true
ports:
- name: http
port: {{ .Values.backend.service.ports.http }}

35
bitnami/appsmith/templates/client/deployment.yaml
View File

@@ -66,9 +66,38 @@ spec:
terminationGracePeriodSeconds: {{ .Values.client.terminationGracePeriodSeconds }}
{{- end }}
initContainers:
- name: preserve-logs-symlinks
image: {{ include "appsmith.image" . }}
imagePullPolicy: {{ .Values.image.pullPolicy | quote }}
{{- if .Values.client.containerSecurityContext.enabled }}
securityContext: {{- omit .Values.client.containerSecurityContext "enabled" | toYaml | nindent 12 }}
{{- end }}
{{- if .Values.client.resources }}
resources: {{- toYaml .Values.client.resources | nindent 12 }}
{{- else if ne .Values.client.resourcesPreset "none" }}
resources: {{- include "common.resources.preset" (dict "type" .Values.client.resourcesPreset) | nindent 12 }}
{{- end }}
command:
- /bin/bash
args:
- -ec
- |
#!/bin/bash
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblog.sh
info "Copying the nginx symlinks"
# We copy the logs folder because it has symlinks to stdout and stderr
if ! is_dir_empty /opt/bitnami/nginx/logs; then
cp -r /opt/bitnami/nginx/logs /emptydir/nginx-logs-dir
fi
info "Copy operation completed"
volumeMounts:
- name: empty-dir
mountPath: /emptydir
{{- if not .Values.diagnosticMode.enabled }}
{{- include "appsmith.waitForBackendInitContainer" . | nindent 8 }}
{{- include "appsmith.waitForRTSInitContainer" . | nindent 8 }}
{{- include "appsmith.waitForBackendInitContainer" . | nindent 8 }}
{{- end }}
{{- if .Values.client.initContainers }}
{{- include "common.tplvalues.render" (dict "value" .Values.client.initContainers "context" $) | nindent 8 }}
@@ -105,6 +134,8 @@ spec:
value: {{ .Values.rts.service.ports.http | quote }}
- name: APPSMITH_UI_HTTP_PORT
value: {{ .Values.client.containerPorts.http | quote }}
- name: APPSMITH_UI_HTTPS_PORT
value: {{ .Values.client.containerPorts.https | quote }}
{{- if .Values.client.extraEnvVars }}
{{- include "common.tplvalues.render" (dict "value" .Values.client.extraEnvVars "context" $) | nindent 12 }}
{{- end }}
@@ -125,6 +156,8 @@ spec:
ports:
- name: http
containerPort: {{ .Values.client.containerPorts.http }}
- name: https
containerPort: {{ .Values.client.containerPorts.https }}
{{- if not .Values.diagnosticMode.enabled }}
{{- if .Values.client.customLivenessProbe }}
livenessProbe: {{- include "common.tplvalues.render" (dict "value" .Values.client.customLivenessProbe "context" $) | nindent 12 }}

162
bitnami/appsmith/values.yaml
View File

@@ -108,9 +108,11 @@ client:
##
replicaCount: 1
## @param client.containerPorts.http Appsmith client HTTP container port
## @param client.containerPorts.https Appsmith client HTTPS container port
##
containerPorts:
http: 8080
https: 8443
## Configure extra options for Appsmith client containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param client.livenessProbe.enabled Enable livenessProbe on Appsmith client containers
@@ -594,7 +596,7 @@ backend:
## @param backend.containerPorts.http Appsmith backend HTTP container port
##
containerPorts:
http: 8080
http: 8083
## Configure extra options for Appsmith backend containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param backend.livenessProbe.enabled Enable livenessProbe on Appsmith backend containers
@@ -830,6 +832,164 @@ backend:
## command: ['sh', '-c', 'echo "hello world"']
##
initContainers: []
##
## Appsmith Backend sidecar redirect
## This is because the appsmith backend needs to contact the rts server but the address is hardcoded
## in code: https://github.com/appsmithorg/appsmith/blob/021b4177eac01a445cacf8bfb4688de449366701/app/server/appsmith-server/src/main/java/com/appsmith/server/configurations/CommonConfig.java#L136
## Therefore we added a lightweight HAProxy redirect sidecar
redirectAmbassador:
## @section HAProxy Parameters
##
## @param backend.redirectAmbassador.image.registry [default: REGISTRY_NAME] HAProxy image registry
## @param backend.redirectAmbassador.image.repository [default: REPOSITORY_NAME/haproxy] HAProxy image repository
## @skip backend.redirectAmbassador.image.tag HAProxy image tag (immutable tags are recommended)
## @param backend.redirectAmbassador.image.digest HAProxy image digest in the way sha256:aa.... Please note this parameter, if set, will override the tag
## @param backend.redirectAmbassador.image.pullPolicy HAProxy image pull policy
## @param backend.redirectAmbassador.image.pullSecrets HAProxy image pull secrets
##
image:
registry: docker.io
repository: bitnami/haproxy
tag: 2.9.7-debian-12-r0
digest: ""
## Specify a imagePullPolicy
## Defaults to 'Always' if image tag is 'latest', else set to 'IfNotPresent'
## ref: https://kubernetes.io/docs/concepts/containers/images/#pre-pulled-images
##
pullPolicy: IfNotPresent
## Optionally specify an array of imagePullSecrets.
## Secrets must be manually created in the namespace.
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/
## e.g:
## pullSecrets:
## - myRegistryKeySecretName
##
pullSecrets: []
## Configure Container Security Context
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/#set-the-security-context-for-a-container
## @param backend.redirectAmbassador.containerSecurityContext.enabled Enabled Appsmith backend redirect sidecar containers' Security Context
## @param backend.redirectAmbassador.containerSecurityContext.seLinuxOptions [object,nullable] Set SELinux options in container
## @param backend.redirectAmbassador.containerSecurityContext.runAsUser Set containers' Security Context runAsUser
## @param backend.redirectAmbassador.containerSecurityContext.runAsGroup Set containers' Security Context runAsGroup
## @param backend.redirectAmbassador.containerSecurityContext.runAsNonRoot Set Appsmith backend redirect sidecar containers' Security Context runAsNonRoot
## @param backend.redirectAmbassador.containerSecurityContext.readOnlyRootFilesystem Set Appsmith backend redirect sidecar containers' Security Context runAsNonRoot
## @param backend.redirectAmbassador.containerSecurityContext.privileged Set backend container's Security Context privileged
## @param backend.redirectAmbassador.containerSecurityContext.allowPrivilegeEscalation Set backend container's Security Context allowPrivilegeEscalation
## @param backend.redirectAmbassador.containerSecurityContext.capabilities.drop List of capabilities to be dropped
## @param backend.redirectAmbassador.containerSecurityContext.seccompProfile.type Set container's Security Context seccomp profile
##
containerSecurityContext:
enabled: true
seLinuxOptions: {}
runAsUser: 1001
runAsGroup: 1001
runAsNonRoot: true
readOnlyRootFilesystem: true
privileged: false
allowPrivilegeEscalation: false
capabilities:
drop: ["ALL"]
seccompProfile:
type: "RuntimeDefault"
## @param backend.redirectAmbassador.command Override default container command (useful when using custom images)
##
command: []
## @param backend.redirectAmbassador.args Override default container args (useful when using custom images)
##
args: []
## @param backend.redirectAmbassador.lifecycleHooks for the Appsmith backend redirect sidecar container(s) to automate configuration before or after startup
##
lifecycleHooks: {}
## @param backend.redirectAmbassador.extraEnvVars Array with extra environment variables to add to Appsmith backend redirect sidecar nodes
## e.g:
## extraEnvVars:
## - name: FOO
## value: "bar"
##
extraEnvVars: []
## @param backend.redirectAmbassador.extraEnvVarsCM Name of existing ConfigMap containing extra env vars for Appsmith backend redirect sidecar nodes
##
extraEnvVarsCM: ""
## @param backend.redirectAmbassador.extraEnvVarsSecret Name of existing Secret containing extra env vars for Appsmith backend redirect sidecar nodes
##
extraEnvVarsSecret: ""
## @param backend.redirectAmbassador.extraVolumeMounts Optionally specify extra list of additional volumeMounts for the Appsmith backend redirect sidecar container(s)
##
extraVolumeMounts: []
## @param backend.redirectAmbassador.containerPorts.http Appsmith backend redirect sidecar HTTP container port
##
containerPorts:
http: 8080
## Configure extra options for Appsmith backend redirect sidecar containers' liveness and readiness probes
## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes
## @param backend.redirectAmbassador.livenessProbe.enabled Enable livenessProbe on Appsmith backend redirect sidecar containers
## @param backend.redirectAmbassador.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe
## @param backend.redirectAmbassador.livenessProbe.periodSeconds Period seconds for livenessProbe
## @param backend.redirectAmbassador.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe
## @param backend.redirectAmbassador.livenessProbe.failureThreshold Failure threshold for livenessProbe
## @param backend.redirectAmbassador.livenessProbe.successThreshold Success threshold for livenessProbe
##
livenessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param backend.redirectAmbassador.readinessProbe.enabled Enable readinessProbe on Appsmith backend redirect sidecar containers
## @param backend.redirectAmbassador.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe
## @param backend.redirectAmbassador.readinessProbe.periodSeconds Period seconds for readinessProbe
## @param backend.redirectAmbassador.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe
## @param backend.redirectAmbassador.readinessProbe.failureThreshold Failure threshold for readinessProbe
## @param backend.redirectAmbassador.readinessProbe.successThreshold Success threshold for readinessProbe
##
readinessProbe:
enabled: true
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param backend.redirectAmbassador.startupProbe.enabled Enable startupProbe on Appsmith backend redirect sidecar containers
## @param backend.redirectAmbassador.startupProbe.initialDelaySeconds Initial delay seconds for startupProbe
## @param backend.redirectAmbassador.startupProbe.periodSeconds Period seconds for startupProbe
## @param backend.redirectAmbassador.startupProbe.timeoutSeconds Timeout seconds for startupProbe
## @param backend.redirectAmbassador.startupProbe.failureThreshold Failure threshold for startupProbe
## @param backend.redirectAmbassador.startupProbe.successThreshold Success threshold for startupProbe
##
startupProbe:
enabled: false
initialDelaySeconds: 30
periodSeconds: 10
timeoutSeconds: 5
failureThreshold: 6
successThreshold: 1
## @param backend.redirectAmbassador.customLivenessProbe Custom livenessProbe that overrides the default one
##
customLivenessProbe: {}
## @param backend.redirectAmbassador.customReadinessProbe Custom readinessProbe that overrides the default one
##
customReadinessProbe: {}
## @param backend.redirectAmbassador.customStartupProbe Custom startupProbe that overrides the default one
##
customStartupProbe: {}
## Appsmith backend redirect sidecar resource requests and limits
## ref: http://kubernetes.io/docs/concepts/configuration/manage-compute-resources-container/
## @param backend.redirectAmbassador.resourcesPreset Set container resources according to one common preset (allowed values: none, nano, micro, small, medium, large, xlarge, 2xlarge). This is ignored if backend.resources is set (backend.resources is recommended for production).
## More information: https://github.com/bitnami/charts/blob/main/bitnami/common/templates/_resources.tpl#L15
##
resourcesPreset: "nano"
## @param backend.redirectAmbassador.resources Set container requests and limits for different resources like CPU or memory (essential for production workloads)
## Example:
## resources:
## requests:
## cpu: 2
## memory: 512Mi
## limits:
## cpu: 3
## memory: 1024Mi
##
resources: {}
## @section Appsmith Backend Network Policies
## Ref: https://kubernetes.io/docs/concepts/services-networking/network-policies/
##