From 53d7faae2473455142e158ac0a27136bb9ff42bd Mon Sep 17 00:00:00 2001 From: vikingowl Date: Wed, 1 Apr 2026 23:44:50 +0200 Subject: [PATCH] fix(helm): guaranteed QoS, config checksum, migration retry limit - Set resources req=limit (100m/128Mi) for Guaranteed QoS class - Add ConfigMap checksum annotation to trigger rollouts on config changes - Add retry limit (60 attempts) to migration init container - Use TARGETARCH in Dockerfile for multi-arch build support --- backend/deploy/Dockerfile | 3 ++- backend/deploy/helm/templates/deployment.yaml | 2 ++ backend/deploy/helm/templates/migrate-job.yaml | 14 ++++++++++---- backend/deploy/helm/values.yaml | 8 ++++---- 4 files changed, 18 insertions(+), 9 deletions(-) diff --git a/backend/deploy/Dockerfile b/backend/deploy/Dockerfile index c8c3e6f..a83c870 100644 --- a/backend/deploy/Dockerfile +++ b/backend/deploy/Dockerfile @@ -12,7 +12,8 @@ RUN go mod download COPY . . -RUN CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -ldflags="-s -w" -o /api ./cmd/api +ARG TARGETOS TARGETARCH +RUN CGO_ENABLED=0 GOOS=${TARGETOS} GOARCH=${TARGETARCH} go build -ldflags="-s -w" -o /api ./cmd/api FROM alpine:3.21 diff --git a/backend/deploy/helm/templates/deployment.yaml b/backend/deploy/helm/templates/deployment.yaml index 61a9768..7ef22b9 100644 --- a/backend/deploy/helm/templates/deployment.yaml +++ b/backend/deploy/helm/templates/deployment.yaml @@ -19,6 +19,8 @@ spec: {{- include "marktvogt-backend.selectorLabels" . | nindent 6 }} template: metadata: + annotations: + checksum/config: {{ include (print $.Template.BasePath "/configmap.yaml") . | sha256sum }} labels: {{- include "marktvogt-backend.selectorLabels" . | nindent 8 }} spec: diff --git a/backend/deploy/helm/templates/migrate-job.yaml b/backend/deploy/helm/templates/migrate-job.yaml index ed5c586..6e1d1c1 100644 --- a/backend/deploy/helm/templates/migrate-job.yaml +++ b/backend/deploy/helm/templates/migrate-job.yaml @@ -40,8 +40,8 @@ spec: cpu: 10m memory: 16Mi limits: - cpu: 50m - memory: 32Mi + cpu: 10m + memory: 16Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true @@ -52,7 +52,13 @@ spec: - -c - | echo "Waiting for PostgreSQL..." + retries=0 until nc -z -w 2 "$DB_HOST" "$DB_PORT" 2>/dev/null; do + retries=$((retries + 1)) + if [ "$retries" -ge 60 ]; then + echo "PostgreSQL unreachable after 60 retries — aborting" + exit 1 + fi sleep 3 done echo "PostgreSQL is reachable" @@ -76,8 +82,8 @@ spec: cpu: 10m memory: 32Mi limits: - cpu: 50m - memory: 64Mi + cpu: 10m + memory: 32Mi securityContext: allowPrivilegeEscalation: false readOnlyRootFilesystem: true diff --git a/backend/deploy/helm/values.yaml b/backend/deploy/helm/values.yaml index 45d9010..86e5857 100644 --- a/backend/deploy/helm/values.yaml +++ b/backend/deploy/helm/values.yaml @@ -29,8 +29,8 @@ resources: cpu: 100m memory: 128Mi limits: - cpu: 200m - memory: 256Mi + cpu: 100m + memory: 128Mi autoscaling: enabled: false @@ -127,8 +127,8 @@ dragonfly: cpu: 100m memory: 128Mi limits: - cpu: 200m - memory: 512Mi + cpu: 100m + memory: 128Mi # Migration job (Helm pre-install/pre-upgrade hook) migrate: