fix(helm): guaranteed QoS, config checksum, migration retry limit

- Set resources req=limit (100m/128Mi) for Guaranteed QoS class - Add ConfigMap checksum annotation to trigger rollouts on config changes - Add retry limit (60 attempts) to migration init container - Use TARGETARCH in Dockerfile for multi-arch build support
2026-04-01 23:44:50 +02:00
parent 482fcd180a
commit 53d7faae24
4 changed files with 18 additions and 9 deletions
--- a/backend/deploy/Dockerfile
+++ b/backend/deploy/Dockerfile
@@ -12,7 +12,8 @@ RUN go mod download

 COPY . .

-RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /api ./cmd/api
+ARG TARGETOS TARGETARCH
+RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags="-s -w" -o /api ./cmd/api

 FROM alpine:3.21

--- a/backend/deploy/helm/templates/deployment.yaml
+++ b/backend/deploy/helm/templates/deployment.yaml
@@ -19,6 +19,8 @@ spec:
      {{- include "marktvogt-backend.selectorLabels" . | nindent 6 }}
  template:
    metadata:
+      annotations:
+        checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }}
      labels:
        {{- include "marktvogt-backend.selectorLabels" . | nindent 8 }}
    spec:
--- a/backend/deploy/helm/templates/migrate-job.yaml
+++ b/backend/deploy/helm/templates/migrate-job.yaml
@@ -40,8 +40,8 @@ spec:
              cpu: 10m
              memory: 16Mi
            limits:
-              cpu: 50m
-              memory: 32Mi
+              cpu: 10m
+              memory: 16Mi
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
@@ -52,7 +52,13 @@ spec:
            - -c
            - |
              echo "Waiting for PostgreSQL..."
+              retries=0
              until nc -z -w 2 "$DB_HOST" "$DB_PORT" 2>/dev/null; do
+                retries=$((retries + 1))
+                if [ "$retries" -ge 60 ]; then
+                  echo "PostgreSQL unreachable after 60 retries — aborting"
+                  exit 1
+                fi
                sleep 3
              done
              echo "PostgreSQL is reachable"
@@ -76,8 +82,8 @@ spec:
              cpu: 10m
              memory: 32Mi
            limits:
-              cpu: 50m
-              memory: 64Mi
+              cpu: 10m
+              memory: 32Mi
          securityContext:
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
--- a/backend/deploy/helm/values.yaml
+++ b/backend/deploy/helm/values.yaml
@@ -29,8 +29,8 @@ resources:
    cpu: 100m
    memory: 128Mi
  limits:
-    cpu: 200m
-    memory: 256Mi
+    cpu: 100m
+    memory: 128Mi

 autoscaling:
  enabled: false
@@ -127,8 +127,8 @@ dragonfly:
      cpu: 100m
      memory: 128Mi
    limits:
-      cpu: 200m
-      memory: 512Mi
+      cpu: 100m
+      memory: 128Mi

 # Migration job (Helm pre-install/pre-upgrade hook)
 migrate: