Skip to content

chore: implement init containers for dynamic configuration generation… #113

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
xiangyisss wants to merge 23 commits into
base: main
Choose a base branch
from
Open

chore: implement init containers for dynamic configuration generation… #113

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
23 commits
Select commit Hold shift + click to select a range
a2b8237
chore: implement init containers for dynamic configuration generation…
xiangyisss Nov 26, 2025
dc141d3
chore: adjust indentation for initPermissionsContainer in multiple de…
xiangyisss Nov 26, 2025
dfe0598
update licence mountPath in deployment templates
xiangyisss Nov 27, 2025
99d65d5
chore: implement config generation scripts and update RabbitMQ config…
xiangyisss Dec 1, 2025
c4fd6fd
chore: revert dummy-data ConfigMap to use dynamic appname label
xiangyisss Dec 1, 2025
e040891
Merge main into EXVT-6034
xiangyisss Dec 2, 2025
1a1c201
Merge remote-tracking branch 'origin/main' into EXVT-6034
xiangyisss Dec 5, 2025
65f6104
chore: enhance config generation for Postgres and RabbitMQ; remove un…
xiangyisss Dec 9, 2025
cfd2e5d
chore: simplify config generation by embedding non-sensitive values d…
xiangyisss Dec 9, 2025
ea43831
chore: update config generation to include chronos and griffon TTL va…
xiangyisss Dec 10, 2025
5ffb4c2
chore: removing config generator script and apply internal jq image
xiangyisss Dec 17, 2025
bfec645
chore: update PostgreSQL and RabbitMQ configurations to set default v…
xiangyisss Dec 17, 2025
e0125e5
chore: refactor volume and mount definitions for consistency across d…
xiangyisss Dec 17, 2025
449368a
chore: update deployment templates to include checksum annotations fo…
xiangyisss Dec 18, 2025
1466666
chore: fix indentation for probes inclusion in chronos deployment tem…
xiangyisss Dec 18, 2025
bc4b8f1
chore: update image configuration defaults in init config templates a…
xiangyisss Dec 18, 2025
8adcca2
chore: refactor
xiangyisss Dec 23, 2025
e3e4d48
chore: update checksum annotations for configmaps in deployment templ…
xiangyisss Dec 23, 2025
7df761f
chore: remove database and message queue credentials from deployment …
xiangyisss Dec 23, 2025
ec08569
chore: remove unused config references in deployment templates
xiangyisss Dec 23, 2025
a5db63d
chore: update initConfigInjector to use jq for secret injection and a…
xiangyisss Jan 2, 2026
3cbbc1f
chore: increase HELM_TIMEOUT from 10m to 15m for better deployment st…
xiangyisss Jan 5, 2026
7bc9251
chore: update rabbitmq secret references in deployment templates and …
xiangyisss Jan 5, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 1 addition & 0 deletions .github/workflows/daily-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,7 @@ jobs:
- proximity-cli
- transcript
- use
- jq
steps:
- name: release images with tags
uses: exivity/actions/retag-image@main
Expand Down
1 change: 1 addition & 0 deletions .github/workflows/image-release.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ jobs:
- proximity-cli
- transcript
- use
- jq
steps:
- name: release images with tags
uses: exivity/actions/retag-image@main
Expand Down
8 changes: 4 additions & 4 deletions charts/exivity/templates/_config.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -26,8 +26,8 @@ data:
"port": {{ $.Values.postgresql.port | default 5432 }},
"sslmode": {{ $.Values.postgresql.sslmode | default "disable" | quote }},
"dbname": {{ $.Values.postgresql.global.postgresql.auth.database | quote }},
"user": {{ $.Values.postgresql.global.postgresql.auth.username | quote }},
"password": {{ $.Values.postgresql.global.postgresql.auth.password | quote }},
"user": "{{ "{{" }}DB_USER{{ "}}" }}",
"password": "{{ "{{" }}DB_PASSWORD{{ "}}" }}",
"connect_timeout": 10
}
},
Expand All @@ -39,8 +39,8 @@ data:
"secure": {{ $.Values.rabbitmq.secure | default false }}
}
],
"user": {{ $.Values.rabbitmq.auth.username | quote }},
"password": {{ $.Values.rabbitmq.auth.password | quote }},
"user": "{{ "{{" }}MQ_USER{{ "}}" }}",
"password": "{{ "{{" }}MQ_PASSWORD{{ "}}" }}",
"vhost": {{ $.Values.rabbitmq.vhost | default "/" | quote }},
"redialPeriod": 5
},
Expand Down
80 changes: 80 additions & 0 deletions charts/exivity/templates/_init_config_injector.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,80 @@
{{/*
Simple init container that injects secrets into config.json
Replaces placeholders {{DB_USER}}, {{DB_PASSWORD}}, {{MQ_USER}}, {{MQ_PASSWORD}}
Can be used by all deployments
*/}}
{{- define "exivity.initConfigInjector" }}
- name: inject-secrets
image: {{ include "exivity.image" (set $ "name" "configGenerator") }}
imagePullPolicy: {{ .Values.service.configGenerator.pullPolicy | default .Values.service.pullPolicy | default "IfNotPresent" }}
command: ["/bin/sh", "-c"]
args:
- |
set -e
echo "Injecting secrets into config.json..."

jq --arg db_user "$DB_USER" \
--arg db_password "$DB_PASSWORD" \
--arg mq_user "$MQ_USER" \
--arg mq_password "$MQ_PASSWORD" \
'.db.parameters.user = $db_user |
.db.parameters.password = $db_password |
.mq.user = $mq_user |
.mq.password = $mq_password' \
/config-template/config.json > /config/config.json

echo "Config generated successfully"
env:
- name: DB_USER
valueFrom:
secretKeyRef:
name: {{ include "exivity.fullname" . }}-postgres-secret
key: POSTGRES_USER
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "exivity.fullname" . }}-postgres-secret
key: POSTGRES_PASSWORD
- name: MQ_USER
valueFrom:
secretKeyRef:
name: {{ include "exivity.fullname" . }}-rabbitmq-secret
key: RABBITMQ_USERNAME
- name: MQ_PASSWORD
valueFrom:
secretKeyRef:
name: {{ include "exivity.fullname" . }}-rabbitmq-secret
key: RABBITMQ_PASSWORD
volumeMounts:
- name: config-template
mountPath: /config-template
readOnly: true
- name: config-generated
mountPath: /config
{{- end }}

{{/*
Volume for the config template (ConfigMap with placeholders)
*/}}
{{- define "exivity.configTemplateVolume" }}
- name: config-template
configMap:
name: {{ .configMapName }}
{{- end }}

{{/*
Volume for the generated config (emptyDir)
*/}}
{{- define "exivity.configGeneratedVolume" }}
- name: config-generated
emptyDir: {}
{{- end }}

{{/*
Volume mount for the generated config.json
*/}}
{{- define "exivity.configVolumeMount" }}
- name: config-generated
mountPath: /exivity/home/system/config.json
subPath: config.json
{{- end }}
20 changes: 11 additions & 9 deletions charts/exivity/templates/chronos/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,26 +13,29 @@ spec:
{{- include "exivity.matchLabels" $ | indent 6 }}
template:
metadata:
annotations:
checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }}
checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }}
labels:
app.kubernetes.io/component: chronos
{{- include "exivity.labels" $ | indent 8 }}
annotations:
checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
securityContext:
{{- include "exivity.securityContext" (dict "root" . "component" "chronos") | indent 8 }}
volumes:
- name: config-file
configMap:
name: {{ include "exivity.fullname" $ -}}-config-shared
{{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }}
{{- include "exivity.configGeneratedVolume" . | nindent 8 }}
- name: config
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-chronos-config
- name: log
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-chronos-log
{{- include "exivity.permissionScriptVolume" . | nindent 8 }}
{{- include "exivity.initPermissions" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 6 }}
initContainers:
{{- include "exivity.initConfigInjector" . | nindent 8 }}
{{- include "exivity.initPermissionsContainer" (dict "root" . "component" "chronos" "volumes" (list "config" "log")) | nindent 8 }}
containers:
- name: chronos
image: {{ include "exivity.image" (set $ "name" "chronos") }}
Expand All @@ -47,11 +50,10 @@ spec:
volumeMounts:
- name: config
mountPath: /exivity/home/system/config
- name: config-file
mountPath: /exivity/home/system
{{- include "exivity.configVolumeMount" . | nindent 12 }}
- name: log
mountPath: /exivity/home/log/chronos
{{- include "exivity.probes" $ | indent 10}}
{{- include "exivity.probes" $ | nindent 10 }}
{{- with .Values.service.pullSecrets }}
imagePullSecrets:
{{- range $name := .}}
Expand Down
54 changes: 28 additions & 26 deletions charts/exivity/templates/dummy-data/job.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -15,14 +15,39 @@ spec:
ttlSecondsAfterFinished: 300
template:
metadata:
annotations:
checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }}
checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }}
labels:
app.kubernetes.io/component: dummy-data
{{- include "exivity.labels" $ | indent 8 }}
annotations:
checksum/{{- include "exivity.fullname" $ -}}-config-shared: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
spec:
securityContext:
{{- include "exivity.securityContext" (dict "root" . "component" "dummyData") | indent 8 }}
volumes:
{{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-shared" (include "exivity.fullname" $))) | nindent 8 }}
{{- include "exivity.configGeneratedVolume" . | nindent 8 }}
- name: preset-file
configMap:
name: {{ include "exivity.fullname" $ -}}-dummy-data-preset
- name: config
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-etl-config
- name: import
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-import
- name: report
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-report
- name: exported
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-exported
- name: extracted
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-extracted
initContainers:
{{- include "exivity.initConfigInjector" . | nindent 8 }}
containers:
- name: dummy-data
image: {{ include "exivity.image" (set $ "name" "dummyData") }}
Expand All @@ -39,8 +64,7 @@ spec:
volumeMounts:
- name: config
mountPath: /exivity/home/system/config
- name: config-file
mountPath: /exivity/home/system
{{- include "exivity.configVolumeMount" . | nindent 12 }}
- name: exported
mountPath: /exivity/home/exported
- name: extracted
Expand All @@ -51,28 +75,6 @@ spec:
mountPath: /exivity/home/system/report
- name: preset-file
mountPath: /exivity/home/system/preset
volumes:
- name: preset-file
configMap:
name: {{ include "exivity.fullname" $ -}}-dummy-data-preset
- name: config-file
configMap:
name: {{ include "exivity.fullname" $ -}}-config-shared
- name: config
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-etl-config
- name: import
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-import
- name: report
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-report
- name: exported
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-exported
- name: extracted
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-extracted
restartPolicy: Never
{{- with .Values.service.pullSecrets }}
imagePullSecrets:
Expand Down
34 changes: 21 additions & 13 deletions charts/exivity/templates/edify/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,22 +17,23 @@ spec:
app.kubernetes.io/component: edify
{{- include "exivity.labels" $ | indent 8 }}
annotations:
checksum/{{- include "exivity.fullname" $ -}}-config-edify: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }}
checksum/{{- include "exivity.fullname" $ -}}-licence-pub: {{ include (print $.Template.BasePath "/proximity/api.configmap.yaml") . | sha256sum }}
checksum/{{- include "exivity.fullname" $ -}}-licence-key: {{ include (print $.Template.BasePath "/proximity/api.secret.yaml") . | sha256sum }}
checksum/{{- include "exivity.fullname" $ -}}-config-edify: {{ include (print $.Template.BasePath "/edify/configmap.yaml") . | sha256sum }}
checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }}
checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }}
spec:
securityContext:
{{- include "exivity.securityContext" (dict "root" . "component" "edify") | indent 8 }}
volumes:
- name: config-file
projected:
sources:
- configMap:
name: {{ include "exivity.fullname" $ -}}-config-edify
- configMap:
name: {{ include "exivity.fullname" $ -}}-licence-pub
- secret:
name: {{ include "exivity.fullname" $ -}}-licence-key
{{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-edify" (include "exivity.fullname" $))) | nindent 8 }}
{{- include "exivity.configGeneratedVolume" . | nindent 8 }}
- name: licence-pub
configMap:
name: {{ include "exivity.fullname" $ -}}-licence-pub
- name: licence-key
secret:
secretName: {{ include "exivity.fullname" $ -}}-licence-key
- name: config
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-etl-config
Expand All @@ -46,7 +47,9 @@ spec:
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-report
{{- include "exivity.permissionScriptVolume" . | nindent 8 }}
{{- include "exivity.initPermissions" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 6 }}
initContainers:
{{- include "exivity.initConfigInjector" . | nindent 8 }}
{{- include "exivity.initPermissionsContainer" (dict "root" . "component" "edify" "volumes" (list "config" "extracted" "log" "report")) | nindent 8 }}
containers:
- name: edify
image: {{ include "exivity.image" (set $ "name" "edify") }}
Expand All @@ -65,8 +68,13 @@ spec:
volumeMounts:
- name: config
mountPath: /exivity/home/system/config
- name: config-file
mountPath: /exivity/home/system
{{- include "exivity.configVolumeMount" . | nindent 12 }}
- name: licence-pub
mountPath: /exivity/home/system/license.pub
subPath: license.pub
- name: licence-key
mountPath: /exivity/home/system/license.key
subPath: license.key
- name: extracted
mountPath: /exivity/home/system/extracted
- name: log
Expand Down
17 changes: 11 additions & 6 deletions charts/exivity/templates/executor/deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,15 +13,19 @@ spec:
{{- include "exivity.matchLabels" $ | indent 6 }}
template:
metadata:
annotations:
checksum/{{- include "exivity.fullname" $ -}}-config-executor: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }}
checksum/postgres-secret: {{ include (print $.Template.BasePath "/postgres-secret.yaml") . | sha256sum }}
checksum/rabbitmq-secret: {{ include (print $.Template.BasePath "/rabbitmq-secret.yaml") . | sha256sum }}
labels:
app.kubernetes.io/component: executor
{{- include "exivity.labels" $ | indent 8 }}
annotations:
checksum/{{- include "exivity.fullname" $ -}}-config-executor: {{ include (print $.Template.BasePath "/executor/configmap.yaml") . | sha256sum }}
spec:
securityContext:
{{- include "exivity.securityContext" (dict "root" . "component" "executor") | indent 8 }}
volumes:
{{- include "exivity.configTemplateVolume" (dict "configMapName" (printf "%s-config-executor" (include "exivity.fullname" $))) | nindent 8 }}
{{- include "exivity.configGeneratedVolume" . | nindent 8 }}
- name: config-file
configMap:
name: {{ include "exivity.fullname" $ -}}-config-executor
Expand All @@ -44,7 +48,9 @@ spec:
persistentVolumeClaim:
claimName: {{ include "exivity.fullname" $ -}}-executor-log
{{- include "exivity.permissionScriptVolume" . | nindent 8 }}
{{- include "exivity.initPermissions" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 6 }}
initContainers:
{{- include "exivity.initConfigInjector" . | nindent 8 }}
{{- include "exivity.initPermissionsContainer" (dict "root" . "component" "executor" "volumes" (list "config" "import" "report" "exported" "extracted" "log")) | nindent 8 }}
containers:
- name: executor
image: {{ include "exivity.image" (set $ "name" "executor") }}
Expand All @@ -59,8 +65,7 @@ spec:
volumeMounts:
- name: config
mountPath: /exivity/home/system/config
- name: config-file
mountPath: /exivity/home/system
{{- include "exivity.configVolumeMount" . | nindent 12 }}
- name: exported
mountPath: /exivity/home/exported
- name: extracted
Expand All @@ -84,4 +89,4 @@ spec:
{{- include "exivity.tolerations" (dict "Values" .Values "component" .Values.service.executor) | nindent 6 }}
{{- include "exivity.nodeSelector" (dict "Values" .Values "component" .Values.service.executor) | nindent 6 }}
affinity:
{{- include "exivity.nodeAffinity" (dict "Values" .Values "component" .Values.service.executor) | nindent 8 }}
{{- include "exivity.nodeAffinity" (dict "Values" .Values "component" .Values.service.executor) | nindent 8 }}
Loading
Loading