-
Notifications
You must be signed in to change notification settings - Fork 28
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Issue 107: async task processor deployment #108
Conversation
If this looks good, probably warrants a PR to https://github.com/Flagsmith/flagsmith-docs. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Added one comment but this looks good to me otherwise.
Yep, this makes sense. I will add an issue to handle this.
Yeah, this is a good point too. I will add a todo for this as well. |
a6bcefd
to
cee42e5
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Approved with one minor comment.
podSecurityContext: {} | ||
defaultPodSecurityContext: | ||
enabled: true | ||
# runAsNonRoot: true # TODO: enable this, conditional on tag semver |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I appreciate this is also in other places in this file but I'm not entirely sure I understand what this is waiting on? What is meant be 'tag semver' ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There will - presumably - be some application version that means that setting this to true
becomes the right thing to do, but before which setting this would break things.
Suppose it was application version 1.2.3 that introduced this change, then would probably want the chart behaviour as follows:
- if
runAsNonRoot
not set (or set to null) in values, then- if image tag >= 1.2.3, do set
runAsNonRoot: true
for the pods, as this is known to be safe - else do not set
runAsNonRoot
- if image tag >= 1.2.3, do set
- if
runAsNonRoot
set in values totrue
orfalse
, then set that for the pods, as that is what the user has asked for.
That might be important enough to get ticketed, but maybe not.
cee42e5
to
fec24bc
Compare
@matthewelwell have rebased and fixed the chart version. |
fec24bc
to
ab49e65
Compare
Thanks for submitting a PR! Please check the boxes below:
Fixes #107.
/charts/flagsmith/Chart.yaml
in the sectionversion
or I'm merging to a release branchChanges
Add deployment to run the task processor
How did you test this code?
Deployed with the following values:
Then port-forwarded to access the API, and accessed
/health?format=json
and saw the response included:"TaskProcessorHealthCheckBackend": "working"
.Further, when additionally setting
Got
"TaskProcessorHealthCheckBackend": "unknown error: Task processor is unable to process tasks."
Some application-side nice-to-haves:
/health?check=TaskProcessorHealthCheckBackend&mustSucceed=true
return a 200 if that checks passes and a 500 if not?runprocessor
andchecktaskprocessorthreadhealth
(and passed any command line args through, whichrunprocessor
does have), then could remove the references topython manage.py
from the templates in this PR. This is probably neater, as it means thatrun-docker.sh
is what define the interface for the Docker image, but in practical terms, in doesn't make much difference.