From 62cbdfb6a8e90c3682ad5c134ed7c9fbbcf8ce6c Mon Sep 17 00:00:00 2001 From: Tim Roes Date: Wed, 23 Feb 2022 19:21:37 +0100 Subject: [PATCH 1/2] Remove storybook-addon-styled-component-theme (#10574) --- airbyte-webapp/.storybook/main.ts | 1 - airbyte-webapp/.storybook/preview.ts | 6 +- airbyte-webapp/.storybook/withProvider.tsx | 58 ++-- airbyte-webapp/package-lock.json | 330 +-------------------- airbyte-webapp/package.json | 1 - 5 files changed, 30 insertions(+), 366 deletions(-) diff --git a/airbyte-webapp/.storybook/main.ts b/airbyte-webapp/.storybook/main.ts index 2e75daee57d1..46e593d31e00 100644 --- a/airbyte-webapp/.storybook/main.ts +++ b/airbyte-webapp/.storybook/main.ts @@ -7,7 +7,6 @@ module.exports = { "@storybook/addon-links", "@storybook/addon-essentials", "@storybook/preset-create-react-app", - "storybook-addon-styled-component-theme/dist", ], webpackFinal: (config) => { config.resolve.modules.push(process.cwd() + "/node_modules"); diff --git a/airbyte-webapp/.storybook/preview.ts b/airbyte-webapp/.storybook/preview.ts index 57d8e1ba301b..339b28592c02 100644 --- a/airbyte-webapp/.storybook/preview.ts +++ b/airbyte-webapp/.storybook/preview.ts @@ -1,9 +1,7 @@ import { addDecorator } from "@storybook/react"; -import { withThemesProvider } from "storybook-addon-styled-component-theme"; -import WithProviders from "./withProvider"; -import { theme } from "../src/theme"; +import { withProviders } from "./withProvider"; -addDecorator(withThemesProvider([theme], WithProviders)); +addDecorator(withProviders); export const parameters = {}; diff --git a/airbyte-webapp/.storybook/withProvider.tsx b/airbyte-webapp/.storybook/withProvider.tsx index 06cf64d09cee..692622103d44 100644 --- a/airbyte-webapp/.storybook/withProvider.tsx +++ b/airbyte-webapp/.storybook/withProvider.tsx @@ -1,50 +1,32 @@ import { MemoryRouter } from "react-router-dom"; import * as React from "react"; import { IntlProvider } from "react-intl"; -// import { createMemoryHistory } from "history"; import { ThemeProvider } from "styled-components"; // TODO: theme was not working correctly so imported directly -import { theme, Theme } from "../src/theme"; +import { theme } from "../src/theme"; import GlobalStyle from "../src/global-styles"; import messages from "../src/locales/en.json"; import { FeatureService } from "../src/hooks/services/Feature"; import { ConfigServiceProvider, defaultConfig } from "../src/config"; import { ServicesProvider } from "../src/core/servicesProvider"; -interface Props { - theme?: Theme; -} - -interface Props { - children?: React.ReactNode; - theme?: Theme; -} - -class WithProviders extends React.Component { - render() { - const { children } = this.props; - - return ( - - - - - - - - {children} - - - - - - - ); - } -} - -export default WithProviders; +export const withProviders = (getStory) => ( + + + + + + + + {getStory()} + + + + + + +); diff --git a/airbyte-webapp/package-lock.json b/airbyte-webapp/package-lock.json index b792c1acb51f..816c92fae5f2 100644 --- a/airbyte-webapp/package-lock.json +++ b/airbyte-webapp/package-lock.json @@ -86,7 +86,6 @@ "prettier": "2.2.1", "react-scripts": "^5.0.0", "react-select-event": "^5.3.0", - "storybook-addon-styled-component-theme": "^2.0.0", "tar": "^6.1.11", "tmpl": "^1.0.5", "typescript": "^4.5.0" @@ -16851,30 +16850,6 @@ "url": "https://github.com/sponsors/ljharb" } }, - "node_modules/babel-runtime": { - "version": "6.26.0", - "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.26.0.tgz", - "integrity": "sha1-llxwWGaOgrVde/4E/yM3vItWR/4=", - "dev": true, - "dependencies": { - "core-js": "^2.4.0", - "regenerator-runtime": "^0.11.0" - } - }, - "node_modules/babel-runtime/node_modules/core-js": { - "version": "2.6.12", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.12.tgz", - "integrity": "sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ==", - "deprecated": "core-js@<3.4 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.", - "dev": true, - "hasInstallScript": true - }, - "node_modules/babel-runtime/node_modules/regenerator-runtime": { - "version": "0.11.1", - "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz", - "integrity": "sha512-MguG95oij0fC3QV3URf4V2SDYGJhJnJGqvIIgdECeODCT98wSWDAJ94SSuVpYQUoTcGUIL6L4yNB7j1DFFHSBg==", - "dev": true - }, "node_modules/bail": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/bail/-/bail-1.0.5.tgz", @@ -17767,12 +17742,6 @@ "node": ">=4" } }, - "node_modules/change-emitter": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/change-emitter/-/change-emitter-0.1.6.tgz", - "integrity": "sha1-6LL+PX8at9aaMhma/5HqaTFAlRU=", - "dev": true - }, "node_modules/char-regex": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", @@ -20257,7 +20226,8 @@ "version": "0.1.13", "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz", "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==", - "devOptional": true, + "optional": true, + "peer": true, "dependencies": { "iconv-lite": "^0.6.2" } @@ -20266,7 +20236,8 @@ "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", - "devOptional": true, + "optional": true, + "peer": true, "dependencies": { "safer-buffer": ">= 2.1.2 < 3.0.0" }, @@ -21946,37 +21917,6 @@ "bser": "2.1.1" } }, - "node_modules/fbjs": { - "version": "0.8.18", - "resolved": "https://registry.npmjs.org/fbjs/-/fbjs-0.8.18.tgz", - "integrity": "sha512-EQaWFK+fEPSoibjNy8IxUtaFOMXcWsY0JaVrQoZR9zC8N2Ygf9iDITPWjUTVIax95b6I742JFLqASHfsag/vKA==", - "dev": true, - "dependencies": { - "core-js": "^1.0.0", - "isomorphic-fetch": "^2.1.1", - "loose-envify": "^1.0.0", - "object-assign": "^4.1.0", - "promise": "^7.1.1", - "setimmediate": "^1.0.5", - "ua-parser-js": "^0.7.30" - } - }, - "node_modules/fbjs/node_modules/core-js": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-1.2.7.tgz", - "integrity": "sha1-ZSKUwUZR2yj6k70tX/KYOk8IxjY=", - "deprecated": "core-js@<3.4 is no longer maintained and not recommended for usage due to the number of issues. Because of the V8 engine whims, feature detection in old core-js versions could cause a slowdown up to 100x even if nothing is polyfilled. Please, upgrade your dependencies to the actual version of core-js.", - "dev": true - }, - "node_modules/fbjs/node_modules/promise": { - "version": "7.3.1", - "resolved": "https://registry.npmjs.org/promise/-/promise-7.3.1.tgz", - "integrity": "sha512-nolQXZ/4L+bP/UGlkfaIujX9BKxGwmQ9OT4mOt5yvy8iK1h3wqTEJCijzGANTCCl9nWjY41juyAn2K3Q1hLLTg==", - "dev": true, - "dependencies": { - "asap": "~2.0.3" - } - }, "node_modules/fetch-readablestream": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/fetch-readablestream/-/fetch-readablestream-0.2.0.tgz", @@ -25040,35 +24980,6 @@ "node": ">=0.10.0" } }, - "node_modules/isomorphic-fetch": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/isomorphic-fetch/-/isomorphic-fetch-2.2.1.tgz", - "integrity": "sha1-YRrhrPFPXoH3KVB0coGf6XM1WKk=", - "dev": true, - "dependencies": { - "node-fetch": "^1.0.1", - "whatwg-fetch": ">=0.10.0" - } - }, - "node_modules/isomorphic-fetch/node_modules/is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/isomorphic-fetch/node_modules/node-fetch": { - "version": "1.7.3", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz", - "integrity": "sha512-NhZ4CsKx7cYm2vSrBAr2PvFOe6sWDf0UYLRqA6svUYg7+/TSfVAu49jYC4BvQ4Sms9SZgdqGBgroqfDhJdTyKQ==", - "dev": true, - "dependencies": { - "encoding": "^0.1.11", - "is-stream": "^1.0.1" - } - }, "node_modules/istanbul-lib-coverage": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz", @@ -40144,59 +40055,6 @@ "integrity": "sha512-iJtHSGmNgAUx0b/MCS6ASGxb//hGrHHRgzvN+K5bvkBTN7A9RTpPSf1WSp+nPGvWCJ1jRnvY7MKnuqfoi3OEqg==", "dev": true }, - "node_modules/storybook-addon-styled-component-theme": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/storybook-addon-styled-component-theme/-/storybook-addon-styled-component-theme-2.0.0.tgz", - "integrity": "sha512-y+KPFCxjIgRt/vNgKrpR0OK8jDDYFa1npU2hU57qcuRXpkvtojlTnyRSkIw1pnr/tMUJ1g//x45bDIt4KYj9/A==", - "dev": true, - "dependencies": { - "immutable": "^3.8.2", - "recompose": "^0.27.1" - }, - "peerDependencies": { - "@storybook/addons": ">=6.1.0", - "@storybook/react": ">=5.2.0", - "styled-components": ">=5.2.0" - } - }, - "node_modules/storybook-addon-styled-component-theme/node_modules/hoist-non-react-statics": { - "version": "2.5.5", - "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-2.5.5.tgz", - "integrity": "sha512-rqcy4pJo55FTTLWt+bU8ukscqHeE/e9KWvsOW2b/a3afxQZhwkQdT1rPPCJ0rYXdj4vNcasY8zHTH+jF/qStxw==", - "dev": true - }, - "node_modules/storybook-addon-styled-component-theme/node_modules/react": { - "version": "16.14.0", - "resolved": "https://registry.npmjs.org/react/-/react-16.14.0.tgz", - "integrity": "sha512-0X2CImDkJGApiAlcf0ODKIneSwBPhqJawOa5wCtKbu7ZECrmS26NvtSILynQ66cgkT/RJ4LidJOc3bUESwmU8g==", - "dev": true, - "peer": true, - "dependencies": { - "loose-envify": "^1.1.0", - "object-assign": "^4.1.1", - "prop-types": "^15.6.2" - }, - "engines": { - "node": ">=0.10.0" - } - }, - "node_modules/storybook-addon-styled-component-theme/node_modules/recompose": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/recompose/-/recompose-0.27.1.tgz", - "integrity": "sha512-p7xsyi/rfNjHfdP7vPU02uSFa+Q1eHhjKrvO+3+kRP4Ortj+MxEmpmd+UQtBGM2D2iNAjzNI5rCyBKp9Ob5McA==", - "dev": true, - "dependencies": { - "babel-runtime": "^6.26.0", - "change-emitter": "^0.1.2", - "fbjs": "^0.8.1", - "hoist-non-react-statics": "^2.3.1", - "react-lifecycles-compat": "^3.0.2", - "symbol-observable": "^1.0.4" - }, - "peerDependencies": { - "react": "^0.14.0 || ^15.0.0 || ^16.0.0" - } - }, "node_modules/stream-browserify": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz", @@ -40742,15 +40600,6 @@ "node": ">=4.0.0" } }, - "node_modules/symbol-observable": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", - "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==", - "dev": true, - "engines": { - "node": ">=0.10.0" - } - }, "node_modules/symbol-tree": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", @@ -41490,25 +41339,6 @@ "node": ">=4.2.0" } }, - "node_modules/ua-parser-js": { - "version": "0.7.31", - "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.31.tgz", - "integrity": "sha512-qLK/Xe9E2uzmYI3qLeOmI0tEOt+TBBQyUIAh4aAgU05FVYzeZrKUdkAZfBNVGRaHVgV0TDkdEngJSw/SyQchkQ==", - "dev": true, - "funding": [ - { - "type": "opencollective", - "url": "https://opencollective.com/ua-parser-js" - }, - { - "type": "paypal", - "url": "https://paypal.me/faisalman" - } - ], - "engines": { - "node": "*" - } - }, "node_modules/uglify-js": { "version": "3.15.1", "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.15.1.tgz", @@ -57362,30 +57192,6 @@ } } }, - "babel-runtime": { - "version": "6.26.0", - "resolved": "https://registry.npmjs.org/babel-runtime/-/babel-runtime-6.26.0.tgz", - "integrity": "sha1-llxwWGaOgrVde/4E/yM3vItWR/4=", - "dev": true, - "requires": { - "core-js": "^2.4.0", - "regenerator-runtime": "^0.11.0" - }, - "dependencies": { - "core-js": { - "version": "2.6.12", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-2.6.12.tgz", - "integrity": "sha512-Kb2wC0fvsWfQrgk8HU5lW6U/Lcs8+9aaYcy4ZFc6DDlo4nZ7n70dEgE5rtR0oG6ufKDUnrwfWL1mXR5ljDatrQ==", - "dev": true - }, - "regenerator-runtime": { - "version": "0.11.1", - "resolved": "https://registry.npmjs.org/regenerator-runtime/-/regenerator-runtime-0.11.1.tgz", - "integrity": "sha512-MguG95oij0fC3QV3URf4V2SDYGJhJnJGqvIIgdECeODCT98wSWDAJ94SSuVpYQUoTcGUIL6L4yNB7j1DFFHSBg==", - "dev": true - } - } - }, "bail": { "version": "1.0.5", "resolved": "https://registry.npmjs.org/bail/-/bail-1.0.5.tgz", @@ -58096,12 +57902,6 @@ "supports-color": "^5.3.0" } }, - "change-emitter": { - "version": "0.1.6", - "resolved": "https://registry.npmjs.org/change-emitter/-/change-emitter-0.1.6.tgz", - "integrity": "sha1-6LL+PX8at9aaMhma/5HqaTFAlRU=", - "dev": true - }, "char-regex": { "version": "1.0.2", "resolved": "https://registry.npmjs.org/char-regex/-/char-regex-1.0.2.tgz", @@ -60159,7 +59959,8 @@ "version": "0.1.13", "resolved": "https://registry.npmjs.org/encoding/-/encoding-0.1.13.tgz", "integrity": "sha512-ETBauow1T35Y/WZMkio9jiM0Z5xjHHmJ4XmjZOq1l/dXz3lr2sRn87nJy20RupqSh1F2m3HHPSp8ShIPQJrJ3A==", - "devOptional": true, + "optional": true, + "peer": true, "requires": { "iconv-lite": "^0.6.2" }, @@ -60168,7 +59969,8 @@ "version": "0.6.3", "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.6.3.tgz", "integrity": "sha512-4fCk79wshMdzMp2rH06qWrJE4iolqLhCUH+OiuIgU++RB0+94NlDL81atO7GX55uUKueo0txHNtvEyI6D7WdMw==", - "devOptional": true, + "optional": true, + "peer": true, "requires": { "safer-buffer": ">= 2.1.2 < 3.0.0" } @@ -61475,38 +61277,6 @@ "bser": "2.1.1" } }, - "fbjs": { - "version": "0.8.18", - "resolved": "https://registry.npmjs.org/fbjs/-/fbjs-0.8.18.tgz", - "integrity": "sha512-EQaWFK+fEPSoibjNy8IxUtaFOMXcWsY0JaVrQoZR9zC8N2Ygf9iDITPWjUTVIax95b6I742JFLqASHfsag/vKA==", - "dev": true, - "requires": { - "core-js": "^1.0.0", - "isomorphic-fetch": "^2.1.1", - "loose-envify": "^1.0.0", - "object-assign": "^4.1.0", - "promise": "^7.1.1", - "setimmediate": "^1.0.5", - "ua-parser-js": "^0.7.30" - }, - "dependencies": { - "core-js": { - "version": "1.2.7", - "resolved": "https://registry.npmjs.org/core-js/-/core-js-1.2.7.tgz", - "integrity": "sha1-ZSKUwUZR2yj6k70tX/KYOk8IxjY=", - "dev": true - }, - "promise": { - "version": "7.3.1", - "resolved": "https://registry.npmjs.org/promise/-/promise-7.3.1.tgz", - "integrity": "sha512-nolQXZ/4L+bP/UGlkfaIujX9BKxGwmQ9OT4mOt5yvy8iK1h3wqTEJCijzGANTCCl9nWjY41juyAn2K3Q1hLLTg==", - "dev": true, - "requires": { - "asap": "~2.0.3" - } - } - } - }, "fetch-readablestream": { "version": "0.2.0", "resolved": "https://registry.npmjs.org/fetch-readablestream/-/fetch-readablestream-0.2.0.tgz", @@ -63842,34 +63612,6 @@ "resolved": "https://registry.npmjs.org/isobject/-/isobject-3.0.1.tgz", "integrity": "sha1-TkMekrEalzFjaqH5yNHMvP2reN8=" }, - "isomorphic-fetch": { - "version": "2.2.1", - "resolved": "https://registry.npmjs.org/isomorphic-fetch/-/isomorphic-fetch-2.2.1.tgz", - "integrity": "sha1-YRrhrPFPXoH3KVB0coGf6XM1WKk=", - "dev": true, - "requires": { - "node-fetch": "^1.0.1", - "whatwg-fetch": ">=0.10.0" - }, - "dependencies": { - "is-stream": { - "version": "1.1.0", - "resolved": "https://registry.npmjs.org/is-stream/-/is-stream-1.1.0.tgz", - "integrity": "sha1-EtSj3U5o4Lec6428hBc66A2RykQ=", - "dev": true - }, - "node-fetch": { - "version": "1.7.3", - "resolved": "https://registry.npmjs.org/node-fetch/-/node-fetch-1.7.3.tgz", - "integrity": "sha512-NhZ4CsKx7cYm2vSrBAr2PvFOe6sWDf0UYLRqA6svUYg7+/TSfVAu49jYC4BvQ4Sms9SZgdqGBgroqfDhJdTyKQ==", - "dev": true, - "requires": { - "encoding": "^0.1.11", - "is-stream": "^1.0.1" - } - } - } - }, "istanbul-lib-coverage": { "version": "3.2.0", "resolved": "https://registry.npmjs.org/istanbul-lib-coverage/-/istanbul-lib-coverage-3.2.0.tgz", @@ -75115,50 +74857,6 @@ "integrity": "sha512-iJtHSGmNgAUx0b/MCS6ASGxb//hGrHHRgzvN+K5bvkBTN7A9RTpPSf1WSp+nPGvWCJ1jRnvY7MKnuqfoi3OEqg==", "dev": true }, - "storybook-addon-styled-component-theme": { - "version": "2.0.0", - "resolved": "https://registry.npmjs.org/storybook-addon-styled-component-theme/-/storybook-addon-styled-component-theme-2.0.0.tgz", - "integrity": "sha512-y+KPFCxjIgRt/vNgKrpR0OK8jDDYFa1npU2hU57qcuRXpkvtojlTnyRSkIw1pnr/tMUJ1g//x45bDIt4KYj9/A==", - "dev": true, - "requires": { - "immutable": "^3.8.2", - "recompose": "^0.27.1" - }, - "dependencies": { - "hoist-non-react-statics": { - "version": "2.5.5", - "resolved": "https://registry.npmjs.org/hoist-non-react-statics/-/hoist-non-react-statics-2.5.5.tgz", - "integrity": "sha512-rqcy4pJo55FTTLWt+bU8ukscqHeE/e9KWvsOW2b/a3afxQZhwkQdT1rPPCJ0rYXdj4vNcasY8zHTH+jF/qStxw==", - "dev": true - }, - "react": { - "version": "16.14.0", - "resolved": "https://registry.npmjs.org/react/-/react-16.14.0.tgz", - "integrity": "sha512-0X2CImDkJGApiAlcf0ODKIneSwBPhqJawOa5wCtKbu7ZECrmS26NvtSILynQ66cgkT/RJ4LidJOc3bUESwmU8g==", - "dev": true, - "peer": true, - "requires": { - "loose-envify": "^1.1.0", - "object-assign": "^4.1.1", - "prop-types": "^15.6.2" - } - }, - "recompose": { - "version": "0.27.1", - "resolved": "https://registry.npmjs.org/recompose/-/recompose-0.27.1.tgz", - "integrity": "sha512-p7xsyi/rfNjHfdP7vPU02uSFa+Q1eHhjKrvO+3+kRP4Ortj+MxEmpmd+UQtBGM2D2iNAjzNI5rCyBKp9Ob5McA==", - "dev": true, - "requires": { - "babel-runtime": "^6.26.0", - "change-emitter": "^0.1.2", - "fbjs": "^0.8.1", - "hoist-non-react-statics": "^2.3.1", - "react-lifecycles-compat": "^3.0.2", - "symbol-observable": "^1.0.4" - } - } - } - }, "stream-browserify": { "version": "2.0.2", "resolved": "https://registry.npmjs.org/stream-browserify/-/stream-browserify-2.0.2.tgz", @@ -75586,12 +75284,6 @@ "util.promisify": "~1.0.0" } }, - "symbol-observable": { - "version": "1.2.0", - "resolved": "https://registry.npmjs.org/symbol-observable/-/symbol-observable-1.2.0.tgz", - "integrity": "sha512-e900nM8RRtGhlV36KGEU9k65K3mPb1WV70OdjfxlG2EAuM1noi/E/BaW/uMhL7bPEssK8QV57vN3esixjUvcXQ==", - "dev": true - }, "symbol-tree": { "version": "3.2.4", "resolved": "https://registry.npmjs.org/symbol-tree/-/symbol-tree-3.2.4.tgz", @@ -76162,12 +75854,6 @@ "resolved": "https://registry.npmjs.org/typescript/-/typescript-4.5.5.tgz", "integrity": "sha512-TCTIul70LyWe6IJWT8QSYeA54WQe8EjQFU4wY52Fasj5UKx88LNYKCgBEHcOMOrFF1rKGbD8v/xcNWVUq9SymA==" }, - "ua-parser-js": { - "version": "0.7.31", - "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-0.7.31.tgz", - "integrity": "sha512-qLK/Xe9E2uzmYI3qLeOmI0tEOt+TBBQyUIAh4aAgU05FVYzeZrKUdkAZfBNVGRaHVgV0TDkdEngJSw/SyQchkQ==", - "dev": true - }, "uglify-js": { "version": "3.15.1", "resolved": "https://registry.npmjs.org/uglify-js/-/uglify-js-3.15.1.tgz", diff --git a/airbyte-webapp/package.json b/airbyte-webapp/package.json index d0a9c18e01f6..59c32ae86306 100644 --- a/airbyte-webapp/package.json +++ b/airbyte-webapp/package.json @@ -93,7 +93,6 @@ "prettier": "2.2.1", "react-scripts": "^5.0.0", "react-select-event": "^5.3.0", - "storybook-addon-styled-component-theme": "^2.0.0", "tar": "^6.1.11", "tmpl": "^1.0.5", "typescript": "^4.5.0" From 91933c2da65701959ffc2729d4ca333e3a8162eb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=81lvaro=20Torres=20Cogollo?= Date: Wed, 23 Feb 2022 20:28:16 +0100 Subject: [PATCH 2/2] Helm Chart: Secure chart for best practices (#10000) --- charts/airbyte/README.md | 215 ++++++++---- .../templates/pod-sweeper/deployment.yaml | 35 ++ .../templates/scheduler/deployment.yaml | 35 ++ .../airbyte/templates/server/deployment.yaml | 9 + .../templates/temporal/deployment.yaml | 39 +++ .../airbyte/templates/webapp/deployment.yaml | 32 ++ .../airbyte/templates/worker/deployment.yaml | 9 + charts/airbyte/values.yaml | 322 +++++++++++++++++- 8 files changed, 621 insertions(+), 75 deletions(-) diff --git a/charts/airbyte/README.md b/charts/airbyte/README.md index 47c47d6385bc..a3d5c41482d8 100644 --- a/charts/airbyte/README.md +++ b/charts/airbyte/README.md @@ -24,28 +24,44 @@ ### Webapp Parameters -| Name | Description | Value | -| ---------------------------- | ---------------------------------------------------------------- | ---------------- | -| `webapp.replicaCount` | Number of webapp replicas | `1` | -| `webapp.image.repository` | The repository to use for the airbyte webapp image. | `airbyte/webapp` | -| `webapp.image.pullPolicy` | the pull policy to use for the airbyte webapp image | `IfNotPresent` | -| `webapp.image.tag` | The airbyte webapp image tag. Defaults to the chart's AppVersion | `0.35.36-alpha` | -| `webapp.podAnnotations` | Add extra annotations to the webapp pod(s) | `{}` | -| `webapp.service.type` | The service type to use for the webapp service | `ClusterIP` | -| `webapp.service.port` | The service port to expose the webapp on | `80` | -| `webapp.resources.limits` | The resources limits for the Web container | `{}` | -| `webapp.resources.requests` | The requested resources for the Web container | `{}` | -| `webapp.nodeSelector` | Node labels for pod assignment | `{}` | -| `webapp.tolerations` | Tolerations for webapp pod assignment. | `[]` | -| `webapp.ingress.enabled` | Set to true to enable ingress record generation | `false` | -| `webapp.ingress.className` | Specifies ingressClassName for clusters >= 1.18+ | `""` | -| `webapp.ingress.annotations` | Ingress annotations done as key:value pairs | `{}` | -| `webapp.ingress.hosts` | The list of hostnames to be covered with this ingress record. | `[]` | -| `webapp.ingress.tls` | Custom ingress TLS configuration | `[]` | -| `webapp.api.url` | The webapp API url. | `/api/v1/` | -| `webapp.isDemo` | Set to true if this is a demo | `false` | -| `webapp.fullstory.enabled` | Whether or not to enable fullstory | `false` | -| `webapp.extraEnv` | Additional env vars for webapp pod(s). | `[]` | +| Name | Description | Value | +| ------------------------------------------- | ---------------------------------------------------------------- | ---------------- | +| `webapp.replicaCount` | Number of webapp replicas | `1` | +| `webapp.image.repository` | The repository to use for the airbyte webapp image. | `airbyte/webapp` | +| `webapp.image.pullPolicy` | the pull policy to use for the airbyte webapp image | `IfNotPresent` | +| `webapp.image.tag` | The airbyte webapp image tag. Defaults to the chart's AppVersion | `0.35.36-alpha` | +| `webapp.podAnnotations` | Add extra annotations to the webapp pod(s) | `{}` | +| `webapp.containerSecurityContext` | Security context for the container | `{}` | +| `webapp.livenessProbe.enabled` | Enable livenessProbe on the webapp | `true` | +| `webapp.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | +| `webapp.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | +| `webapp.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `webapp.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `webapp.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `webapp.readinessProbe.enabled` | Enable readinessProbe on the webapp | `true` | +| `webapp.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `10` | +| `webapp.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `10` | +| `webapp.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `webapp.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `webapp.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `webapp.service.type` | The service type to use for the webapp service | `ClusterIP` | +| `webapp.service.port` | The service port to expose the webapp on | `80` | +| `webapp.resources.limits` | The resources limits for the Web container | `{}` | +| `webapp.resources.requests` | The requested resources for the Web container | `{}` | +| `webapp.nodeSelector` | Node labels for pod assignment | `{}` | +| `webapp.tolerations` | Tolerations for webapp pod assignment. | `[]` | +| `webapp.affinity` | Affinity and anti-affinity for webapp pod assignment. | `{}` | +| `webapp.ingress.enabled` | Set to true to enable ingress record generation | `false` | +| `webapp.ingress.className` | Specifies ingressClassName for clusters >= 1.18+ | `""` | +| `webapp.ingress.annotations` | Ingress annotations done as key:value pairs | `{}` | +| `webapp.ingress.hosts` | The list of hostnames to be covered with this ingress record. | `[]` | +| `webapp.ingress.tls` | Custom ingress TLS configuration | `[]` | +| `webapp.api.url` | The webapp API url. | `/api/v1/` | +| `webapp.isDemo` | Set to true if this is a demo | `false` | +| `webapp.fullstory.enabled` | Whether or not to enable fullstory | `false` | +| `webapp.extraEnv` | Additional env vars for webapp pod(s). | `[]` | +| `webapp.extraVolumeMounts` | Additional volumeMounts for webapp container(s). | `[]` | +| `webapp.extraVolumes` | Additional volumes for webapp pod(s). | `[]` | ### Scheduler Parameters @@ -67,16 +83,32 @@ ### Pod Sweeper parameters -| Name | Description | Value | -| ------------------------------- | ---------------------------------------------------- | ----------------- | -| `podSweeper.image.repository` | The image repository to use for the pod sweeper | `bitnami/kubectl` | -| `podSweeper.image.pullPolicy` | The pull policy for the pod sweeper image | `IfNotPresent` | -| `podSweeper.image.tag` | The pod sweeper image tag to use | `latest` | -| `podSweeper.podAnnotations` | Add extra annotations to the podSweeper pod | `{}` | -| `podSweeper.resources.limits` | The resources limits for the podSweeper container | `{}` | -| `podSweeper.resources.requests` | The requested resources for the podSweeper container | `{}` | -| `podSweeper.nodeSelector` | Node labels for pod assignment | `{}` | -| `podSweeper.tolerations` | Tolerations for podSweeper pod assignment. | `[]` | +| Name | Description | Value | +| ----------------------------------------------- | --------------------------------------------------------- | ----------------- | +| `podSweeper.image.repository` | The image repository to use for the pod sweeper | `bitnami/kubectl` | +| `podSweeper.image.pullPolicy` | The pull policy for the pod sweeper image | `IfNotPresent` | +| `podSweeper.image.tag` | The pod sweeper image tag to use | `latest` | +| `podSweeper.podAnnotations` | Add extra annotations to the podSweeper pod | `{}` | +| `podSweeper.containerSecurityContext` | Security context for the container | `{}` | +| `podSweeper.livenessProbe.enabled` | Enable livenessProbe on the podSweeper | `true` | +| `podSweeper.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `podSweeper.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `podSweeper.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `podSweeper.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `podSweeper.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `podSweeper.readinessProbe.enabled` | Enable readinessProbe on the podSweeper | `true` | +| `podSweeper.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `podSweeper.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `podSweeper.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `podSweeper.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `podSweeper.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `podSweeper.resources.limits` | The resources limits for the podSweeper container | `{}` | +| `podSweeper.resources.requests` | The requested resources for the podSweeper container | `{}` | +| `podSweeper.nodeSelector` | Node labels for pod assignment | `{}` | +| `podSweeper.tolerations` | Tolerations for podSweeper pod assignment. | `[]` | +| `podSweeper.affinity` | Affinity and anti-affinity for podSweeper pod assignment. | `{}` | +| `podSweeper.extraVolumeMounts` | Additional volumeMounts for podSweeper container(s). | `[]` | +| `podSweeper.extraVolumes` | Additional volumes for podSweeper pod(s). | `[]` | ### Server parameters @@ -88,6 +120,7 @@ | `server.image.pullPolicy` | the pull policy to use for the airbyte server image | `IfNotPresent` | | `server.image.tag` | The airbyte server image tag. Defaults to the chart's AppVersion | `0.35.36-alpha` | | `server.podAnnotations` | Add extra annotations to the server pod | `{}` | +| `server.containerSecurityContext` | Security context for the container | `{}` | | `server.livenessProbe.enabled` | Enable livenessProbe on the server | `true` | | `server.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | | `server.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | @@ -109,8 +142,11 @@ | `server.persistence.storageClass` | The storage class to use for the airbyte server pvc | `""` | | `server.nodeSelector` | Node labels for pod assignment | `{}` | | `server.tolerations` | Tolerations for server pod assignment. | `[]` | +| `server.affinity` | Affinity and anti-affinity for server pod assignment. | `{}` | | `server.log.level` | The log level to log at | `INFO` | | `server.extraEnv` | Additional env vars for server pod(s). | `[]` | +| `server.extraVolumeMounts` | Additional volumeMounts for server container(s). | `[]` | +| `server.extraVolumes` | Additional volumes for server pod(s). | `[]` | ### Worker Parameters @@ -122,6 +158,7 @@ | `worker.image.pullPolicy` | the pull policy to use for the airbyte worker image | `IfNotPresent` | | `worker.image.tag` | The airbyte worker image tag. Defaults to the chart's AppVersion | `0.35.36-alpha` | | `worker.podAnnotations` | Add extra annotations to the worker pod(s) | `{}` | +| `worker.containerSecurityContext` | Security context for the container | `{}` | | `worker.livenessProbe.enabled` | Enable livenessProbe on the worker | `true` | | `worker.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `30` | | `worker.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `10` | @@ -138,8 +175,11 @@ | `worker.resources.requests` | The requested resources for the worker container | `{}` | | `worker.nodeSelector` | Node labels for pod assignment | `{}` | | `worker.tolerations` | Tolerations for worker pod assignment. | `[]` | +| `worker.affinity` | Affinity and anti-affinity for worker pod assignment. | `{}` | | `worker.log.level` | The log level to log at. | `INFO` | | `worker.extraEnv` | Additional env vars for worker pod(s). | `[]` | +| `worker.extraVolumeMounts` | Additional volumeMounts for worker container(s). | `[]` | +| `worker.extraVolumes` | Additional volumes for worker pod(s). | `[]` | ### Bootloader Parameters @@ -153,59 +193,86 @@ ### Temporal parameters -| Name | Description | Value | -| --------------------------- | --------------------------------------------- | ----------------------- | -| `temporal.replicaCount` | The number of temporal replicas to deploy | `1` | -| `temporal.image.repository` | The temporal image repository to use | `temporalio/auto-setup` | -| `temporal.image.pullPolicy` | The pull policy for the temporal image | `IfNotPresent` | -| `temporal.image.tag` | The temporal image tag to use | `1.7.0` | -| `temporal.service.type` | The Kubernetes Service Type | `ClusterIP` | -| `temporal.service.port` | The temporal port and exposed kubernetes port | `7233` | -| `temporal.nodeSelector` | Node labels for pod assignment | `{}` | -| `temporal.tolerations` | Tolerations for pod assignment. | `[]` | -| `temporal.extraEnv` | Additional env vars for temporal pod(s). | `[]` | +| Name | Description | Value | +| --------------------------------------------- | ------------------------------------------------------- | ----------------------- | +| `temporal.replicaCount` | The number of temporal replicas to deploy | `1` | +| `temporal.image.repository` | The temporal image repository to use | `temporalio/auto-setup` | +| `temporal.image.pullPolicy` | The pull policy for the temporal image | `IfNotPresent` | +| `temporal.image.tag` | The temporal image tag to use | `1.7.0` | +| `temporal.service.type` | The Kubernetes Service Type | `ClusterIP` | +| `temporal.service.port` | The temporal port and exposed kubernetes port | `7233` | +| `temporal.podAnnotations` | Add extra annotations to the temporal pod | `{}` | +| `temporal.containerSecurityContext` | Security context for the container | `{}` | +| `temporal.extraInitContainers` | Additional InitContainers to initialize the pod | `[]` | +| `temporal.livenessProbe.enabled` | Enable livenessProbe on the temporal | `true` | +| `temporal.livenessProbe.initialDelaySeconds` | Initial delay seconds for livenessProbe | `5` | +| `temporal.livenessProbe.periodSeconds` | Period seconds for livenessProbe | `30` | +| `temporal.livenessProbe.timeoutSeconds` | Timeout seconds for livenessProbe | `1` | +| `temporal.livenessProbe.failureThreshold` | Failure threshold for livenessProbe | `3` | +| `temporal.livenessProbe.successThreshold` | Success threshold for livenessProbe | `1` | +| `temporal.readinessProbe.enabled` | Enable readinessProbe on the temporal | `true` | +| `temporal.readinessProbe.initialDelaySeconds` | Initial delay seconds for readinessProbe | `5` | +| `temporal.readinessProbe.periodSeconds` | Period seconds for readinessProbe | `30` | +| `temporal.readinessProbe.timeoutSeconds` | Timeout seconds for readinessProbe | `1` | +| `temporal.readinessProbe.failureThreshold` | Failure threshold for readinessProbe | `3` | +| `temporal.readinessProbe.successThreshold` | Success threshold for readinessProbe | `1` | +| `temporal.nodeSelector` | Node labels for temporal pod assignment | `{}` | +| `temporal.tolerations` | Tolerations for temporal pod assignment. | `[]` | +| `temporal.affinity` | Affinity and anti-affinity for temporal pod assignment. | `{}` | +| `temporal.extraEnv` | Additional env vars for temporal pod(s). | `[]` | +| `temporal.extraVolumeMounts` | Additional volumeMounts for temporal container(s). | `[]` | +| `temporal.extraVolumes` | Additional volumes for temporal pod(s). | `[]` | ### Airbyte Database parameters -| Name | Description | Value | -| -------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------ | -| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | -| `postgresql.postgresqlUsername` | Airbyte Postgresql username | `airbyte` | -| `postgresql.postgresqlPassword` | Airbyte Postgresql password | `airbyte` | -| `postgresql.postgresqlDatabase` | Airbyte Postgresql database | `db-airbyte` | -| `postgresql.existingSecret` | Name of an existing secret containing the PostgreSQL password ('postgresql-password' key) | `""` | -| `externalDatabase.host` | Database host | `localhost` | -| `externalDatabase.user` | non-root Username for Airbyte Database | `airbyte` | -| `externalDatabase.password` | Database password | `""` | -| `externalDatabase.existingSecret` | Name of an existing secret resource containing the DB password | `""` | -| `externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the DB password | `""` | -| `externalDatabase.database` | Database name | `db-airbyte` | -| `externalDatabase.port` | Database port number | `5432` | +| Name | Description | Value | +| -------------------------------------------------- | ----------------------------------------------------------------------------------------- | ------------ | +| `postgresql.enabled` | Switch to enable or disable the PostgreSQL helm chart | `true` | +| `postgresql.postgresqlUsername` | Airbyte Postgresql username | `airbyte` | +| `postgresql.postgresqlPassword` | Airbyte Postgresql password | `airbyte` | +| `postgresql.postgresqlDatabase` | Airbyte Postgresql database | `db-airbyte` | +| `postgresql.existingSecret` | Name of an existing secret containing the PostgreSQL password ('postgresql-password' key) | `""` | +| `postgresql.containerSecurityContext.runAsNonRoot` | Ensures the container will run with a non-root user | `true` | +| `postgresql.commonAnnotations.helm.sh/hook` | It will determine when the hook should be rendered | `undefined` | +| `postgresql.commonAnnotations.helm.sh/hook-weight` | The order in which the hooks are executed. If weight is lower, it has higher priority | `undefined` | +| `externalDatabase.host` | Database host | `localhost` | +| `externalDatabase.user` | non-root Username for Airbyte Database | `airbyte` | +| `externalDatabase.password` | Database password | `""` | +| `externalDatabase.existingSecret` | Name of an existing secret resource containing the DB password | `""` | +| `externalDatabase.existingSecretPasswordKey` | Name of an existing secret key containing the DB password | `""` | +| `externalDatabase.database` | Database name | `db-airbyte` | +| `externalDatabase.port` | Database port number | `5432` | ### Logs parameters -| Name | Description | Value | -| ---------------------------- | ------------------------------------------------------ | ------------------ | -| `logs.accessKey.password` | Logs Access Key | `minio` | -| `logs.secretKey.password` | Logs Secret Key | `minio123` | -| `logs.minio.enabled` | Switch to enable or disable the Minio helm chart | `true` | -| `logs.externalMinio.enabled` | Switch to enable or disable an external Minio instance | `false` | -| `logs.externalMinio.host` | External Minio Host | `localhost` | -| `logs.externalMinio.port` | External Minio Port | `9000` | -| `logs.s3.enabled` | Switch to enable or disable custom S3 Log location | `false` | -| `logs.s3.bucket` | Bucket name where logs should be stored | `airbyte-dev-logs` | -| `logs.s3.bucketRegion` | Region of the bucket (must be empty if using minio) | `""` | -| `logs.gcs.bucket` | GCS bucket name | `""` | -| `logs.gcs.credentials` | The path the GCS creds are written to | `""` | +| Name | Description | Value | +| ---------------------------------- | ------------------------------------------------------ | ------------------ | +| `logs.accessKey.password` | Logs Access Key | `minio` | +| `logs.accessKey.existingSecret` | | `""` | +| `logs.accessKey.existingSecretKey` | | `""` | +| `logs.secretKey.password` | Logs Secret Key | `minio123` | +| `logs.secretKey.existingSecret` | | `""` | +| `logs.secretKey.existingSecretKey` | | `""` | +| `logs.minio.enabled` | Switch to enable or disable the Minio helm chart | `true` | +| `logs.externalMinio.enabled` | Switch to enable or disable an external Minio instance | `false` | +| `logs.externalMinio.host` | External Minio Host | `localhost` | +| `logs.externalMinio.port` | External Minio Port | `9000` | +| `logs.s3.enabled` | Switch to enable or disable custom S3 Log location | `false` | +| `logs.s3.bucket` | Bucket name where logs should be stored | `airbyte-dev-logs` | +| `logs.s3.bucketRegion` | Region of the bucket (must be empty if using minio) | `""` | +| `logs.gcs.bucket` | GCS bucket name | `""` | +| `logs.gcs.credentials` | The path the GCS creds are written to | `""` | ### Minio chart overwrites -| Name | Description | Value | -| -------------------------- | ---------------- | ---------- | -| `minio.accessKey.password` | Minio Access Key | `minio` | -| `minio.secretKey.password` | Minio Secret Key | `minio123` | +| Name | Description | Value | +| -------------------------- | -------------------------------- | ---------- | +| `minio.accessKey.password` | Minio Access Key | `minio` | +| `minio.secretKey.password` | Minio Secret Key | `minio123` | +| `jobs.resources.limits` | The resources limits for jobs | `{}` | +| `jobs.resources.requests` | The requested resources for jobs | `{}` | diff --git a/charts/airbyte/templates/pod-sweeper/deployment.yaml b/charts/airbyte/templates/pod-sweeper/deployment.yaml index 52ea257b052c..f2a1ed11af81 100644 --- a/charts/airbyte/templates/pod-sweeper/deployment.yaml +++ b/charts/airbyte/templates/pod-sweeper/deployment.yaml @@ -38,16 +38,48 @@ spec: valueFrom: fieldRef: fieldPath: metadata.namespace + {{- if .Values.podSweeper.containerSecurityContext }} + securityContext: {{- toYaml .Values.podSweeper.containerSecurityContext | nindent 10 }} + {{- end }} volumeMounts: - mountPath: /script/sweep-pod.sh subPath: sweep-pod.sh name: sweep-pod-script - mountPath: /.kube name: kube-config + {{- if .Values.podSweeper.extraVolumeMounts }} + {{ toYaml .Values.podSweeper.extraVolumeMounts | nindent 8 }} + {{- end }} command: ["/bin/bash", "-c", /script/sweep-pod.sh] {{- if .Values.podSweeper.resources }} resources: {{- toYaml .Values.podSweeper.resources | nindent 10 }} {{- end }} + {{- if .Values.podSweeper.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -ec + - grep -aq sweep-pod.sh /proc/1/cmdline + initialDelaySeconds: {{ .Values.podSweeper.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.podSweeper.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.podSweeper.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.podSweeper.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.podSweeper.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.podSweeper.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -ec + - grep -aq sweep-pod.sh /proc/1/cmdline + initialDelaySeconds: {{ .Values.podSweeper.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.podSweeper.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.podSweeper.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.podSweeper.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.podSweeper.readinessProbe.failureThreshold }} + {{- end }} volumes: - name: kube-config emptyDir: {} @@ -55,3 +87,6 @@ spec: configMap: name: {{ include "airbyte.fullname" . }}-sweep-pod-script defaultMode: 0755 + {{- if .Values.podSweeper.extraVolumes }} +{{ toYaml .Values.podSweeper.extraVolumes | nindent 6 }} + {{- end }} diff --git a/charts/airbyte/templates/scheduler/deployment.yaml b/charts/airbyte/templates/scheduler/deployment.yaml index 839f22100834..603a43d5ea85 100644 --- a/charts/airbyte/templates/scheduler/deployment.yaml +++ b/charts/airbyte/templates/scheduler/deployment.yaml @@ -212,11 +212,46 @@ spec: {{- if .Values.scheduler.resources }} resources: {{- toYaml .Values.scheduler.resources | nindent 10 }} {{- end }} + {{- if .Values.scheduler.containerSecurityContext }} + securityContext: {{- toYaml .Values.scheduler.containerSecurityContext | nindent 10 }} + {{- end }} + {{- if .Values.scheduler.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -ec + - grep -qa airbyte.scheduler.app.SchedulerApp /proc/1/cmdline + initialDelaySeconds: {{ .Values.scheduler.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.scheduler.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.scheduler.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.scheduler.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.scheduler.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.scheduler.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -ec + - grep -qa airbyte.scheduler.app.SchedulerApp /proc/1/cmdline + initialDelaySeconds: {{ .Values.scheduler.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.scheduler.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.scheduler.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.scheduler.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.scheduler.readinessProbe.failureThreshold }} + {{- end }} volumeMounts: - name: gcs-log-creds-volume mountPath: /secrets/gcs-log-creds readOnly: true + {{- if .Values.scheduler.extraVolumeMounts }} + {{ toYaml .Values.scheduler.extraVolumeMounts | nindent 8 }} + {{- end }} volumes: - name: gcs-log-creds-volume secret: secretName: gcs-log-creds + {{- if .Values.scheduler.extraVolumes }} +{{ toYaml .Values.scheduler.extraVolumes | nindent 6 }} + {{- end }} diff --git a/charts/airbyte/templates/server/deployment.yaml b/charts/airbyte/templates/server/deployment.yaml index 44b0036e3176..57ffd9920996 100644 --- a/charts/airbyte/templates/server/deployment.yaml +++ b/charts/airbyte/templates/server/deployment.yaml @@ -214,6 +214,9 @@ spec: {{- if .Values.server.resources }} resources: {{- toYaml .Values.server.resources | nindent 10 }} {{- end }} + {{- if .Values.server.containerSecurityContext }} + securityContext: {{- toYaml .Values.server.containerSecurityContext | nindent 10 }} + {{- end }} volumeMounts: - name: airbyte-data mountPath: /configs @@ -224,6 +227,9 @@ spec: - name: gcs-log-creds-volume mountPath: /secrets/gcs-log-creds readOnly: true + {{- if .Values.server.extraVolumeMounts }} + {{ toYaml .Values.server.extraVolumeMounts | nindent 8 }} + {{- end }} volumes: - name: airbyte-data persistentVolumeClaim: @@ -231,3 +237,6 @@ spec: - name: gcs-log-creds-volume secret: secretName: gcs-log-creds + {{- if .Values.server.extraVolumes }} +{{ toYaml .Values.server.extraVolumes | nindent 6 }} + {{- end }} diff --git a/charts/airbyte/templates/temporal/deployment.yaml b/charts/airbyte/templates/temporal/deployment.yaml index 103a01aa6f2c..20101dad94ae 100644 --- a/charts/airbyte/templates/temporal/deployment.yaml +++ b/charts/airbyte/templates/temporal/deployment.yaml @@ -29,6 +29,10 @@ spec: {{- if .Values.temporal.affinity }} affinity: {{- include "common.tplvalues.render" (dict "value" .Values.temporal.affinity "context" $) | nindent 8 }} {{- end }} +{{- if .Values.temporal.extraInitContainers }} + initContainers: +{{- toYaml .Values.temporal.extraInitContainers | nindent 6 }} +{{- end }} containers: - name: airbyte-temporal image: {{ include "airbyte.temporalImage" . }} @@ -64,12 +68,44 @@ spec: {{- end }} ports: - containerPort: 7233 + {{- if .Values.temporal.containerSecurityContext }} + securityContext: {{- toYaml .Values.temporal.containerSecurityContext | nindent 10 }} + {{- end }} volumeMounts: - name: airbyte-temporal-dynamicconfig mountPath: "/etc/temporal/config/dynamicconfig/" {{- if .Values.temporal.resources }} resources: {{- toYaml .Values.temporal.resources | nindent 10 }} {{- end }} + {{- if .Values.temporal.extraVolumeMounts }} + {{ toYaml .Values.temporal.extraVolumeMounts | nindent 8 }} + {{- end }} + {{- if .Values.temporal.livenessProbe.enabled }} + livenessProbe: + exec: + command: + - /bin/sh + - -ec + - 'test $(ps -ef | grep -v grep | grep temporal-server | wc -l) -eq 1' + initialDelaySeconds: {{ .Values.temporal.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.temporal.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.temporal.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.temporal.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.temporal.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.temporal.readinessProbe.enabled }} + readinessProbe: + exec: + command: + - /bin/sh + - -ec + - 'test $(ps -ef | grep -v grep | grep temporal-server | wc -l) -eq 1' + initialDelaySeconds: {{ .Values.temporal.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.temporal.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.temporal.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.temporal.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.temporal.readinessProbe.failureThreshold }} + {{- end }} volumes: - name: airbyte-temporal-dynamicconfig configMap: @@ -77,3 +113,6 @@ spec: items: - key: development.yaml path: development.yaml + {{- if .Values.temporal.extraVolumes }} +{{ toYaml .Values.temporal.extraVolumes | nindent 6 }} + {{- end }} diff --git a/charts/airbyte/templates/webapp/deployment.yaml b/charts/airbyte/templates/webapp/deployment.yaml index 36cd53578a63..1b12b7565ab3 100644 --- a/charts/airbyte/templates/webapp/deployment.yaml +++ b/charts/airbyte/templates/webapp/deployment.yaml @@ -66,6 +66,27 @@ spec: {{- if .Values.webapp.extraEnv }} {{ .Values.webapp.extraEnv | toYaml | nindent 8 }} {{- end }} + {{- if .Values.webapp.livenessProbe.enabled }} + livenessProbe: + tcpSocket: + port: http + initialDelaySeconds: {{ .Values.webapp.livenessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.webapp.livenessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.webapp.livenessProbe.timeoutSeconds }} + successThreshold: {{ .Values.webapp.livenessProbe.successThreshold }} + failureThreshold: {{ .Values.webapp.livenessProbe.failureThreshold }} + {{- end }} + {{- if .Values.webapp.readinessProbe.enabled }} + readinessProbe: + httpGet: + path: /api/v1/health + port: http + initialDelaySeconds: {{ .Values.webapp.readinessProbe.initialDelaySeconds }} + periodSeconds: {{ .Values.webapp.readinessProbe.periodSeconds }} + timeoutSeconds: {{ .Values.webapp.readinessProbe.timeoutSeconds }} + successThreshold: {{ .Values.webapp.readinessProbe.successThreshold }} + failureThreshold: {{ .Values.webapp.readinessProbe.failureThreshold }} + {{- end }} ports: - name: http containerPort: 80 @@ -73,3 +94,14 @@ spec: {{- if .Values.webapp.resources }} resources: {{- toYaml .Values.webapp.resources | nindent 10 }} {{- end }} + {{- if .Values.webapp.containerSecurityContext }} + securityContext: {{- toYaml .Values.webapp.containerSecurityContext | nindent 10 }} + {{- end }} + volumeMounts: + {{- if .Values.webapp.extraVolumeMounts }} + {{ toYaml .Values.webapp.extraVolumeMounts | nindent 8 }} + {{- end }} + volumes: + {{- if .Values.webapp.extraVolumes }} +{{ toYaml .Values.webapp.extraVolumes | nindent 6 }} + {{- end }} diff --git a/charts/airbyte/templates/worker/deployment.yaml b/charts/airbyte/templates/worker/deployment.yaml index c7770b90c959..8bcf7dc06610 100644 --- a/charts/airbyte/templates/worker/deployment.yaml +++ b/charts/airbyte/templates/worker/deployment.yaml @@ -287,11 +287,20 @@ spec: {{- if .Values.worker.resources }} resources: {{- toYaml .Values.worker.resources | nindent 10 }} {{- end }} + {{- if .Values.worker.containerSecurityContext }} + securityContext: {{- toYaml .Values.worker.containerSecurityContext | nindent 10 }} + {{- end }} volumeMounts: - name: gcs-log-creds-volume mountPath: /secrets/gcs-log-creds readOnly: true + {{- if .Values.worker.extraVolumeMounts }} +{{ toYaml .Values.worker.extraVolumeMounts | nindent 8 }} + {{- end }} volumes: - name: gcs-log-creds-volume secret: secretName: gcs-log-creds + {{- if .Values.worker.extraVolumes }} +{{ toYaml .Values.worker.extraVolumes | nindent 6 }} + {{- end }} diff --git a/charts/airbyte/values.yaml b/charts/airbyte/values.yaml index 5ac58995e9b2..53fa6506c92b 100644 --- a/charts/airbyte/values.yaml +++ b/charts/airbyte/values.yaml @@ -49,6 +49,46 @@ webapp: ## podAnnotations: {} + ## @param webapp.containerSecurityContext Security context for the container + ## Examples: + ## containerSecurityContext: + ## runAsNonRoot: true + ## runAsUser: 1000 + ## readOnlyRootFilesystem: true + containerSecurityContext: {} + + ## Configure extra options for the webapp containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param webapp.livenessProbe.enabled Enable livenessProbe on the webapp + ## @param webapp.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param webapp.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param webapp.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param webapp.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param webapp.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 30 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## @param webapp.readinessProbe.enabled Enable readinessProbe on the webapp + ## @param webapp.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param webapp.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param webapp.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param webapp.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param webapp.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 10 + periodSeconds: 10 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## @param webapp.service.type The service type to use for the webapp service ## @param webapp.service.port The service port to expose the webapp on service: @@ -133,6 +173,30 @@ webapp: ## value: "key=sample-value" extraEnv: [] + ## @param webapp.extraVolumeMounts [array] Additional volumeMounts for webapp container(s). + ## Examples (when using `webapp.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumeMounts: + ## - name: var-run + ## mountPath: /var/run/ + ## - name: var-cache-nginx + ## mountPath: /var/cache/nginx + ## - mountPath: /etc/nginx/conf.d + ## name: nginx-conf-d + ## + extraVolumeMounts: [] + + ## @param webapp.extraVolumes [array] Additional volumes for webapp pod(s). + ## Examples (when using `webapp.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumes: + ## - name: var-run + ## emptyDir: {} + ## - name: var-cache-nginx + ## emptyDir: {} + ## - name: nginx-conf-d + ## emptyDir: {} + ## + extraVolumes: [] + ## @section Scheduler Parameters scheduler: @@ -151,6 +215,46 @@ scheduler: ## podAnnotations: {} + ## @param scheduler.containerSecurityContext Security context for the container + ## Examples: + ## containerSecurityContext: + ## runAsNonRoot: true + ## runAsUser: 1000 + ## readOnlyRootFilesystem: true + containerSecurityContext: {} + + ## Configure extra options for the scheduler containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param scheduler.livenessProbe.enabled Enable livenessProbe on the scheduler + ## @param scheduler.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param scheduler.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param scheduler.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param scheduler.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param scheduler.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## @param scheduler.readinessProbe.enabled Enable readinessProbe on the scheduler + ## @param scheduler.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param scheduler.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param scheduler.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param scheduler.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param scheduler.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## Scheduler resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -198,6 +302,26 @@ scheduler: ## value: "key=sample-value" extraEnv: [] + ## @param scheduler.extraVolumeMounts [array] Additional volumeMounts for scheduler container(s). + ## Examples: + ## extraVolumeMounts: + ## - name: tmpdir + ## mountPath: /tmp + ## - mountPath: /workspace + ## name: workspace + ## + extraVolumeMounts: [] + + ## @param scheduler.extraVolumes [array] Additional volumes for scheduler pod(s). + ## Examples: + ## extraVolumes: + ## - name: tmpdir + ## emptyDir: {} + ## - name: workspace + ## emptyDir: {} + ## + extraVolumes: [] + ## @section Pod Sweeper parameters podSweeper: @@ -213,6 +337,46 @@ podSweeper: ## podAnnotations: {} + ## @param podSweeper.containerSecurityContext Security context for the container + ## Examples: + ## containerSecurityContext: + ## runAsNonRoot: true + ## runAsUser: 1000 + ## readOnlyRootFilesystem: true + containerSecurityContext: {} + + ## Configure extra options for the podSweeper containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param podSweeper.livenessProbe.enabled Enable livenessProbe on the podSweeper + ## @param podSweeper.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param podSweeper.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param podSweeper.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param podSweeper.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param podSweeper.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## @param podSweeper.readinessProbe.enabled Enable readinessProbe on the podSweeper + ## @param podSweeper.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param podSweeper.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param podSweeper.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param podSweeper.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param podSweeper.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## Pod Sweeper app resource requests and limits ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ ## We usually recommend not to specify default resources and to leave this as a conscious @@ -248,6 +412,22 @@ podSweeper: ## affinity: {} + ## @param podSweeper.extraVolumeMounts [array] Additional volumeMounts for podSweeper container(s). + ## Examples: + ## extraVolumeMounts: + ## - name: tmpdir + ## mountPath: /tmp + ## + extraVolumeMounts: [] + + ## @param podSweeper.extraVolumes [array] Additional volumes for podSweeper pod(s). + ## Examples: + ## extraVolumes: + ## - name: tmpdir + ## emptyDir: {} + ## + extraVolumes: [] + ## @section Server parameters server: @@ -266,6 +446,14 @@ server: ## podAnnotations: {} + ## @param server.containerSecurityContext Security context for the container + ## Examples: + ## containerSecurityContext: + ## runAsNonRoot: true + ## runAsUser: 1000 + ## readOnlyRootFilesystem: true + containerSecurityContext: {} + ## Configure extra options for the server containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param server.livenessProbe.enabled Enable livenessProbe on the server @@ -365,6 +553,22 @@ server: ## value: "key=sample-value" extraEnv: [] + ## @param server.extraVolumeMounts [array] Additional volumeMounts for server container(s). + ## Examples (when using `server.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumeMounts: + ## - name: tmpdir + ## mountPath: /tmp + ## + extraVolumeMounts: [] + + ## @param server.extraVolumes [array] Additional volumes for server pod(s). + ## Examples (when using `server.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumes: + ## - name: tmpdir + ## emptyDir: {} + ## + extraVolumes: [] + ## @section Worker Parameters worker: @@ -383,6 +587,14 @@ worker: ## podAnnotations: {} + ## @param worker.containerSecurityContext Security context for the container + ## Examples: + ## containerSecurityContext: + ## runAsNonRoot: true + ## runAsUser: 1000 + ## readOnlyRootFilesystem: true + containerSecurityContext: {} + ## Configure extra options for the worker containers' liveness and readiness probes ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes ## @param worker.livenessProbe.enabled Enable livenessProbe on the worker @@ -462,6 +674,22 @@ worker: ## value: "key=airbyte-server,operator=Equals,value=true,effect=NoSchedule" extraEnv: [] + ## @param worker.extraVolumeMounts [array] Additional volumeMounts for worker container(s). + ## Examples (when using `worker.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumeMounts: + ## - name: tmpdir + ## mountPath: /tmp + ## + extraVolumeMounts: [] + + ## @param worker.extraVolumes [array] Additional volumes for worker pod(s). + ## Examples (when using `worker.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumes: + ## - name: tmpdir + ## emptyDir: {} + ## + extraVolumes: [] + ## @section Bootloader Parameters bootloader: @@ -502,6 +730,61 @@ temporal: ## podAnnotations: {} + ## @param temporal.containerSecurityContext Security context for the container + ## Examples: + ## containerSecurityContext: + ## runAsNonRoot: true + ## runAsUser: 1000 + ## readOnlyRootFilesystem: true + containerSecurityContext: {} + + ## @param temporal.extraInitContainers Additional InitContainers to initialize the pod + ## Examples (when using `temporal.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraInitContainers: + ## - name: config-loader + ## image: temporalio/auto-setup:1.7.0 + ## command: + ## - /bin/sh + ## - -c + ## - >- + ## find /etc/temporal/config/ -maxdepth 1 -mindepth 1 -exec cp -ar {} /config/ \; + ## volumeMounts: + ## - name: config + ## mountPath: /config + extraInitContainers: [] + + ## Configure extra options for the temporal containers' liveness and readiness probes + ## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-probes/#configure-probes + ## @param temporal.livenessProbe.enabled Enable livenessProbe on the temporal + ## @param temporal.livenessProbe.initialDelaySeconds Initial delay seconds for livenessProbe + ## @param temporal.livenessProbe.periodSeconds Period seconds for livenessProbe + ## @param temporal.livenessProbe.timeoutSeconds Timeout seconds for livenessProbe + ## @param temporal.livenessProbe.failureThreshold Failure threshold for livenessProbe + ## @param temporal.livenessProbe.successThreshold Success threshold for livenessProbe + ## + livenessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + + ## @param temporal.readinessProbe.enabled Enable readinessProbe on the temporal + ## @param temporal.readinessProbe.initialDelaySeconds Initial delay seconds for readinessProbe + ## @param temporal.readinessProbe.periodSeconds Period seconds for readinessProbe + ## @param temporal.readinessProbe.timeoutSeconds Timeout seconds for readinessProbe + ## @param temporal.readinessProbe.failureThreshold Failure threshold for readinessProbe + ## @param temporal.readinessProbe.successThreshold Success threshold for readinessProbe + ## + readinessProbe: + enabled: true + initialDelaySeconds: 5 + periodSeconds: 30 + timeoutSeconds: 1 + failureThreshold: 3 + successThreshold: 1 + ## @param temporal.nodeSelector [object] Node labels for temporal pod assignment ## Ref: https://kubernetes.io/docs/user-guide/node-selection/ ## @@ -525,6 +808,26 @@ temporal: ## value: "key=sample-value" extraEnv: [] + ## @param temporal.extraVolumeMounts [array] Additional volumeMounts for temporal container(s). + ## Examples (when using `temporal.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumeMounts: + ## - name: tmpdir + ## mountPath: /tmp + ## - name: config + ## mountPath: /etc/temporal/config + ## + extraVolumeMounts: [] + + ## @param temporal.extraVolumes [array] Additional volumes for temporal pod(s). + ## Examples (when using `temporal.containerSecurityContext.readOnlyRootFilesystem=true`): + ## extraVolumes: + ## - name: tmpdir + ## emptyDir: {} + ## - name: config + ## emptyDir: {} + ## + extraVolumes: [] + ## @section Airbyte Database parameters ## PostgreSQL chart configuration @@ -534,6 +837,9 @@ temporal: ## @param postgresql.postgresqlPassword Airbyte Postgresql password ## @param postgresql.postgresqlDatabase Airbyte Postgresql database ## @param postgresql.existingSecret Name of an existing secret containing the PostgreSQL password ('postgresql-password' key) +## @param postgresql.containerSecurityContext.runAsNonRoot Ensures the container will run with a non-root user +## @param postgresql.commonAnnotations.helm.sh/hook It will determine when the hook should be rendered +## @param postgresql.commonAnnotations.helm.sh/hook-weight The order in which the hooks are executed. If weight is lower, it has higher priority ## postgresql: enabled: true @@ -543,6 +849,8 @@ postgresql: ## This secret is used in case of postgresql.enabled=true and we would like to specify password for newly created postgresql instance ## existingSecret: "" + containerSecurityContext: + runAsNonRoot: true commonAnnotations: helm.sh/hook: pre-install,pre-upgrade helm.sh/hook-weight: "-1" @@ -568,11 +876,15 @@ externalDatabase: ## @section Logs parameters logs: ## @param logs.accessKey.password Logs Access Key - ## @param logs.secretKey.password Logs Secret Key + ## @param logs.accessKey.existingSecret + ## @param logs.accessKey.existingSecretKey accessKey: password: minio existingSecret: "" existingSecretKey: "" + ## @param logs.secretKey.password Logs Secret Key + ## @param logs.secretKey.existingSecret + ## @param logs.secretKey.existingSecretKey secretKey: password: minio123 existingSecret: "" @@ -615,6 +927,14 @@ minio: password: minio123 jobs: + ## Jobs resource requests and limits + ## ref: http://kubernetes.io/docs/user-guide/compute-resources/ + ## We usually recommend not to specify default resources and to leave this as a conscious + ## choice for the user. This also increases chances charts run on environments with little + ## resources, such as Minikube. If you do want to specify resources, uncomment the following + ## lines, adjust them as necessary, and remove the curly braces after 'resources:'. + ## @param jobs.resources.limits [object] The resources limits for jobs + ## @param jobs.resources.requests [object] The requested resources for jobs resources: ## Example: ## requests: