Use CI variable for stage admin password

helm/orchard/templates/deployment.yaml

@@ -128,6 +128,18 @@ spec:
               value: {{ .Values.orchard.rateLimit.login | quote }}
             {{- end }}
             {{- end }}
+            {{- if .Values.orchard.database.poolSize }}
+            - name: ORCHARD_DATABASE_POOL_SIZE
+              value: {{ .Values.orchard.database.poolSize | quote }}
+            {{- end }}
+            {{- if .Values.orchard.database.maxOverflow }}
+            - name: ORCHARD_DATABASE_MAX_OVERFLOW
+              value: {{ .Values.orchard.database.maxOverflow | quote }}
+            {{- end }}
+            {{- if .Values.orchard.database.poolTimeout }}
+            - name: ORCHARD_DATABASE_POOL_TIMEOUT
+              value: {{ .Values.orchard.database.poolTimeout | quote }}
+            {{- end }}
             {{- if .Values.orchard.auth }}
             {{- if or .Values.orchard.auth.secretsManager .Values.orchard.auth.existingSecret .Values.orchard.auth.adminPassword }}
             - name: ORCHARD_ADMIN_PASSWORD

helm/orchard/values-dev.yaml

@@ -53,15 +53,16 @@ ingress:
       hosts:
         - orchard-dev.common.global.bsf.tools  # Overridden by CI
 
-# Lighter resources for ephemeral environments
+# Resources for dev/feature environments
+# Bumped to handle concurrent integration tests
 # Note: memory requests must equal limits per cluster policy
 resources:
   limits:
-    cpu: 250m
-    memory: 256Mi
+    cpu: 500m
+    memory: 512Mi
   requests:
-    cpu: 100m
-    memory: 256Mi
+    cpu: 200m
+    memory: 512Mi
 
 livenessProbe:
   httpGet:
@@ -103,6 +104,10 @@ orchard:
     sslmode: disable
     existingSecret: ""
     existingSecretPasswordKey: "password"
+    # Increased pool settings for concurrent integration tests
+    poolSize: 10
+    maxOverflow: 20
+    poolTimeout: 60
 
   s3:
     endpoint: ""
@@ -138,15 +143,16 @@ postgresql:
   primary:
     persistence:
       enabled: false
-    # Resources with memory requests = limits per cluster policy
+    # Bumped resources for concurrent integration tests
+    # Note: memory requests must equal limits per cluster policy
     resourcesPreset: "none"
     resources:
       limits:
-        cpu: 250m
-        memory: 256Mi
+        cpu: 500m
+        memory: 512Mi
       requests:
-        cpu: 100m
-        memory: 256Mi
+        cpu: 200m
+        memory: 512Mi
   # Volume permissions init container
   volumePermissions:
     resourcesPreset: "none"
@@ -172,15 +178,16 @@ minio:
   defaultBuckets: "orchard-artifacts"
   persistence:
     enabled: false
-  # Resources with memory requests = limits per cluster policy
+  # Bumped resources for concurrent integration tests
+  # Note: memory requests must equal limits per cluster policy
   resourcesPreset: "none"  # Disable preset to use explicit resources
   resources:
     limits:
-      cpu: 250m
-      memory: 256Mi
+      cpu: 500m
+      memory: 512Mi
     requests:
-      cpu: 100m
-      memory: 256Mi
+      cpu: 200m
+      memory: 512Mi
   # Init container resources
   defaultInitContainers:
     volumePermissions:

helm/orchard/values-stage.yaml

@@ -96,11 +96,8 @@ orchard:
     port: 8080
 
   # Authentication settings
-  auth:
-    # Admin password from AWS Secrets Manager
-    secretsManager:
-      enabled: true
-      secretArn: "arn:aws-us-gov:secretsmanager:us-gov-west-1:052673043337:secret:orchard-stage-creds-SMqvQx"
+  # Admin password is set via CI variable (STAGE_ADMIN_PASSWORD) passed as --set flag
+  # This keeps the password out of version control
 
   # Database configuration - uses AWS Secrets Manager via CSI driver
   database: