Oleks
8c119efff8
- #3 Liveness probe targets full SSR DB-querying / route, coupling pod liveness to SQLite - #4 Chart values-staging/production.yaml are dead config under Flux; drift trap - #6 tsconfig includes gitignored emdash-env.d.ts that only the dev server generates - #7 Dockerfile package-lock glob + npm install fallback can silently build an unlocked image - #8 Dockerfile creates runtime user without pinning its GID - #9 entrypoint.sh gates `emdash init` on data.db absence, skipping migrations on PVC reuse - #10 pullPolicy: Always vs digest pinning - #11 Dockerfile state symlinks contradict the STATE_DIR contract; Dockerfile does not set ENV STATE_DIR - #12 astro is a production dependency, so npm prune --omit=dev keeps build-only tooling - #14 Two ImageUpdateAutomations write back to the same anton-helm-workloads main branch - #16 memoryCache provider is per-process; correctness depends implicitly on replicas:1 - #17 Root catch-all [slug].astro couples nav links to pages-collection rows + DB hit per unmatched path - #18 Detail pages render a 200-style body under a 404 status and have no try/catch around getEmDash* calls - #19 vite allowedHosts hardcodes ddev hostnames (dev-only; no prod impact)
51 lines
1.4 KiB
YAML
51 lines
1.4 KiB
YAML
apiVersion: helm.toolkit.fluxcd.io/v2
|
|
kind: HelmRelease
|
|
metadata:
|
|
name: cms-plugins-production
|
|
namespace: kotkan
|
|
spec:
|
|
interval: 5m
|
|
chart:
|
|
spec:
|
|
chart: ./deploy/helm
|
|
sourceRef:
|
|
kind: GitRepository
|
|
name: cms-plugins-production
|
|
namespace: kotkan
|
|
reconcileStrategy: Revision
|
|
releaseName: cms-plugins-production
|
|
targetNamespace: kotkan
|
|
install:
|
|
disableWait: true
|
|
remediation:
|
|
retries: 3
|
|
upgrade:
|
|
disableWait: true
|
|
remediation:
|
|
retries: 3
|
|
values:
|
|
existingSecret: cms-plugins-production-secrets
|
|
image:
|
|
# `tag` stays human-readable. The chart prefers `digest` when set
|
|
# and renders `repository@<digest>` — that's what actually pins
|
|
# the pod. Without digest pinning, helm upgrade would see no spec
|
|
# change when CI retags the floating `production` tag.
|
|
tag: production
|
|
digest: "" # {"$imagepolicy": "kotkan:cms-plugins-production:digest"}
|
|
# digest-pinned below, so this is effectively a no-op (a digest is
|
|
# immutable); kept as Always to match the chart default.
|
|
pullPolicy: Always
|
|
ingress:
|
|
host: cms-plugins-production.kotkanagrilli.fi
|
|
nodeSelector:
|
|
kubernetes.io/hostname: kotkan
|
|
persistence:
|
|
size: 10Gi
|
|
resources:
|
|
requests:
|
|
cpu: 100m
|
|
memory: 384Mi
|
|
limits:
|
|
cpu: "1"
|
|
memory: 1Gi
|