From f6cdd16469380742191c707de988d5c936552fca Mon Sep 17 00:00:00 2001 From: Mondo Diaz Date: Fri, 5 Dec 2025 17:22:46 -0600 Subject: [PATCH] Clean up Helm chart for Python backend MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Remove configmap.yaml (Python uses env vars, not YAML config) - Remove migration-job.yaml (SQLAlchemy creates tables on startup) - Rename migrations.enabled to waitForDatabase - Set readOnlyRootFilesystem: false (Python needs __pycache__) 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude --- helm/orchard/templates/configmap.yaml | 22 ---------- helm/orchard/templates/deployment.yaml | 3 +- helm/orchard/templates/migration-job.yaml | 52 ----------------------- helm/orchard/values.yaml | 10 ++--- 4 files changed, 4 insertions(+), 83 deletions(-) delete mode 100644 helm/orchard/templates/configmap.yaml delete mode 100644 helm/orchard/templates/migration-job.yaml diff --git a/helm/orchard/templates/configmap.yaml b/helm/orchard/templates/configmap.yaml deleted file mode 100644 index 4a79d5c..0000000 --- a/helm/orchard/templates/configmap.yaml +++ /dev/null @@ -1,22 +0,0 @@ -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "orchard.fullname" . }}-config - labels: - {{- include "orchard.labels" . | nindent 4 }} -data: - config.yaml: | - server: - host: {{ .Values.orchard.server.host | quote }} - port: {{ .Values.orchard.server.port }} - database: - host: {{ include "orchard.postgresql.host" . | quote }} - port: {{ .Values.orchard.database.port }} - user: {{ .Values.orchard.database.user | default .Values.postgresql.auth.username | quote }} - dbname: {{ .Values.orchard.database.dbname | default .Values.postgresql.auth.database | quote }} - sslmode: {{ .Values.orchard.database.sslmode | quote }} - s3: - endpoint: {{ include "orchard.minio.host" . | quote }} - region: {{ .Values.orchard.s3.region | quote }} - bucket: {{ .Values.orchard.s3.bucket | quote }} - use_path_style: {{ .Values.orchard.s3.usePathStyle }} diff --git a/helm/orchard/templates/deployment.yaml b/helm/orchard/templates/deployment.yaml index 2ec01bd..c24b6f1 100644 --- a/helm/orchard/templates/deployment.yaml +++ b/helm/orchard/templates/deployment.yaml @@ -14,7 +14,6 @@ spec: template: metadata: annotations: - checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} checksum/secret: {{ include (print $.Template.BasePath "/secret.yaml") . | sha256sum }} {{- with .Values.podAnnotations }} {{- toYaml . | nindent 8 }} @@ -33,7 +32,7 @@ spec: securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} initContainers: - {{- if .Values.migrations.enabled }} + {{- if .Values.waitForDatabase }} - name: wait-for-db image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}" imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }} diff --git a/helm/orchard/templates/migration-job.yaml b/helm/orchard/templates/migration-job.yaml deleted file mode 100644 index 1b991ca..0000000 --- a/helm/orchard/templates/migration-job.yaml +++ /dev/null @@ -1,52 +0,0 @@ -{{- if .Values.migrations.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: {{ include "orchard.fullname" . }}-migrations - labels: - {{- include "orchard.labels" . | nindent 4 }} - annotations: - "helm.sh/hook": post-install,post-upgrade - "helm.sh/hook-weight": "-5" - "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded -spec: - template: - metadata: - labels: - {{- include "orchard.selectorLabels" . | nindent 8 }} - spec: - {{- with .Values.imagePullSecrets }} - imagePullSecrets: - {{- toYaml . | nindent 8 }} - {{- end }} - restartPolicy: Never - initContainers: - - name: wait-for-db - image: "{{ .Values.initContainer.image.repository }}:{{ .Values.initContainer.image.tag }}" - imagePullPolicy: {{ .Values.initContainer.image.pullPolicy }} - command: ['sh', '-c', 'until nc -z {{ include "orchard.postgresql.host" . }} 5432; do echo waiting for database; sleep 2; done;'] - containers: - - name: migrations - image: "{{ .Values.migrations.image.repository }}:{{ .Values.migrations.image.tag | default .Chart.AppVersion }}" - command: ["/bin/sh", "-c"] - args: - - | - # The orchard-server automatically runs migrations on startup - # This job just verifies connectivity - echo "Database is ready at {{ include "orchard.postgresql.host" . }}:5432" - env: - - name: ORCHARD_DATABASE_HOST - value: {{ include "orchard.postgresql.host" . | quote }} - - name: ORCHARD_DATABASE_PORT - value: {{ .Values.orchard.database.port | quote }} - - name: ORCHARD_DATABASE_USER - value: {{ .Values.orchard.database.user | default .Values.postgresql.auth.username | quote }} - - name: ORCHARD_DATABASE_DBNAME - value: {{ .Values.orchard.database.dbname | default .Values.postgresql.auth.database | quote }} - - name: ORCHARD_DATABASE_PASSWORD - valueFrom: - secretKeyRef: - name: {{ include "orchard.postgresql.secretName" . }} - key: {{ include "orchard.postgresql.passwordKey" . }} - backoffLimit: 3 -{{- end }} diff --git a/helm/orchard/values.yaml b/helm/orchard/values.yaml index 271765a..1565be3 100644 --- a/helm/orchard/values.yaml +++ b/helm/orchard/values.yaml @@ -28,7 +28,7 @@ podLabels: {} podSecurityContext: {} securityContext: - readOnlyRootFilesystem: true + readOnlyRootFilesystem: false # Python needs to write __pycache__ runAsNonRoot: true runAsUser: 1000 @@ -165,12 +165,8 @@ redis: enabled: true size: 1Gi -# Database migrations -migrations: - enabled: false - image: - repository: orchard-server - tag: "" +# Wait for database before starting (SQLAlchemy creates tables on startup) +waitForDatabase: true global: security: