diff --git a/stable/sentry/Chart.yaml b/stable/sentry/Chart.yaml index 689b432fd641..cc074badd103 100644 --- a/stable/sentry/Chart.yaml +++ b/stable/sentry/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 description: Sentry is a cross-platform crash reporting and aggregation platform. name: sentry -version: 0.3.1 -appVersion: 8.22 +version: 0.4.0 +appVersion: 9.0 keywords: - debugging - logging diff --git a/stable/sentry/README.md b/stable/sentry/README.md index 83c1513518a2..320570014052 100644 --- a/stable/sentry/README.md +++ b/stable/sentry/README.md @@ -58,9 +58,10 @@ The following table lists the configurable parameters of the Sentry chart and th | Parameter | Description | Default | | ------------------------------- | ------------------------------- | ---------------------------------------------------------- | -| `image.repository` | Sentry image | `library/sentry:{VERSION}` | -| `image.tag` | Sentry image tag | `8.17` | +| `image.repository` | Sentry image | `library/sentry` | +| `image.tag` | Sentry image tag | `9.0` | | `imagePullPolicy` | Image pull policy | `IfNotPresent` | +| `web.podAnnotations` | Web pod annotations | `{}` | | `web.replicacount` | Amount of web pods to run | `1` | | `web.resources.limits` | Web resource limits | `{cpu: 500m, memory: 500Mi}` | | `web.resources.requests` | Web resource requests | `{cpu: 300m, memory: 300Mi}` | @@ -69,6 +70,7 @@ The following table lists the configurable parameters of the Sentry chart and th | `web.affinity` | Affinity settings for web pod assignment | `{}` | | `web.schedulerName` | Name of an alternate scheduler for web pod | `nil` | | `web.tolerations` | Toleration labels for web pod assignment | `[]` | +| `cron.podAnnotations` | Cron pod annotations | `{}` | | `cron.replicacount` | Amount of cron pods to run | `1` | | `cron.resources.limits` | Cron resource limits | `{cpu: 200m, memory: 200Mi}` | | `cron.resources.requests` | Cron resource requests | `{cpu: 100m, memory: 100Mi}` | @@ -76,6 +78,7 @@ The following table lists the configurable parameters of the Sentry chart and th | `cron.affinity` | Affinity settings for cron pod assignment | `{}` | | `cron.schedulerName` | Name of an alternate scheduler for cron pod | `nil` | | `cron.tolerations` | Toleration labels for cron pod assignment | `[]` | +| `worker.podAnnotations` | Worker pod annotations | `{}` | | `worker.replicacount` | Amount of worker pods to run | `2` | | `worker.resources.limits` | Worker resource limits | `{cpu: 300m, memory: 500Mi}` | | `worker.resources.requests` | Worker resource requests | `{cpu: 100m, memory: 100Mi}` | @@ -104,6 +107,8 @@ The following table lists the configurable parameters of the Sentry chart and th | `persistence.storageClass` | PVC Storage Class | `nil` (uses alpha storage class annotation) | | `persistence.accessMode` | PVC Access Mode | `ReadWriteOnce` | | `persistence.size` | PVC Storage Request | `10Gi` | +| `config.configYml` | Sentry config.yml file | `` | +| `config.sentryConfPy` | Sentry sentry.conf.py file | `` | Dependent charts can also have values overwritten. Preface values with postgresql.* or redis.* diff --git a/stable/sentry/requirements.lock b/stable/sentry/requirements.lock index 76d26dfdc6cd..3967863fd8bd 100644 --- a/stable/sentry/requirements.lock +++ b/stable/sentry/requirements.lock @@ -1,9 +1,9 @@ dependencies: - name: postgresql repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.8.3 + version: 0.15.0 - name: redis repository: https://kubernetes-charts.storage.googleapis.com/ - version: 0.10.1 -digest: sha256:edf23e476cacd385037588df3226003e75fa5161f8c7556c370383bf9f9d1d71 -generated: 2017-09-29T15:01:25.29542-05:00 + version: 3.6.5 +digest: sha256:a49afdaa300dbb31e1661762b2779af0f74520661b044b9ac495df6c3309eb92 +generated: 2018-07-21T16:50:40.000327793+09:00 diff --git a/stable/sentry/requirements.yaml b/stable/sentry/requirements.yaml index 9875e6b0eed1..56573a263125 100644 --- a/stable/sentry/requirements.yaml +++ b/stable/sentry/requirements.yaml @@ -1,7 +1,7 @@ dependencies: - name: postgresql - version: 0.8.3 + version: 0.15.0 repository: https://kubernetes-charts.storage.googleapis.com/ - name: redis - version: 0.10.1 + version: 3.6.5 repository: https://kubernetes-charts.storage.googleapis.com/ diff --git a/stable/sentry/templates/configmap.yaml b/stable/sentry/templates/configmap.yaml new file mode 100644 index 000000000000..4b496e5be0e7 --- /dev/null +++ b/stable/sentry/templates/configmap.yaml @@ -0,0 +1,383 @@ +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ template "fullname" . }} + labels: + app: {{ template "fullname" . }} + chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" + release: "{{ .Release.Name }}" + heritage: "{{ .Release.Service }}" +data: + config.yml: |- + # While a lot of configuration in Sentry can be changed via the UI, for all + # new-style config (as of 8.0) you can also declare values here in this file + # to enforce defaults or to ensure they cannot be changed via the UI. For more + # information see the Sentry documentation. + + ############### + # Mail Server # + ############### + + # mail.backend: 'smtp' # Use dummy if you want to disable email entirely + # mail.host: 'localhost' + # mail.port: 25 + # mail.username: '' + # mail.password: '' + # mail.use-tls: false + # The email address to send on behalf of + # mail.from: 'root@localhost' + + # If you'd like to configure email replies, enable this. + # mail.enable-replies: false + + # When email-replies are enabled, this value is used in the Reply-To header + # mail.reply-hostname: '' + + # If you're using mailgun for inbound mail, set your API key and configure a + # route to forward to /api/hooks/mailgun/inbound/ + # mail.mailgun-api-key: '' + + ################### + # System Settings # + ################### + + # If this file ever becomes compromised, it's important to regenerate your a new key + # Changing this value will result in all current sessions being invalidated. + # A new key can be generated with `$ sentry config generate-secret-key` + # system.secret-key: 'changeme' + + # The ``redis.clusters`` setting is used, unsurprisingly, to configure Redis + # clusters. These clusters can be then referred to by name when configuring + # backends such as the cache, digests, or TSDB backend. + # redis.clusters: + # default: + # hosts: + # 0: + # host: 127.0.0.1 + # port: 6379 + + ################ + # File storage # + ################ + + # Uploaded media uses these `filestore` settings. The available + # backends are either `filesystem` or `s3`. + + # filestore.backend: 'filesystem' + # filestore.options: + # location: '/tmp/sentry-files' + + # filestore.backend: 's3' + # filestore.options: + # access_key: 'AKIXXXXXX' + # secret_key: 'XXXXXXX' + # bucket_name: 's3-bucket-name' +{{ .Values.config.configYml | indent 4 }} + sentry.conf.py: |- + # This file is just Python, with a touch of Django which means + # you can inherit and tweak settings to your hearts content. + + # For Docker, the following environment variables are supported: + # SENTRY_POSTGRES_HOST + # SENTRY_POSTGRES_PORT + # SENTRY_DB_NAME + # SENTRY_DB_USER + # SENTRY_DB_PASSWORD + # SENTRY_RABBITMQ_HOST + # SENTRY_RABBITMQ_USERNAME + # SENTRY_RABBITMQ_PASSWORD + # SENTRY_RABBITMQ_VHOST + # SENTRY_REDIS_HOST + # SENTRY_REDIS_PASSWORD + # SENTRY_REDIS_PORT + # SENTRY_REDIS_DB + # SENTRY_MEMCACHED_HOST + # SENTRY_MEMCACHED_PORT + # SENTRY_FILESTORE_DIR + # SENTRY_SERVER_EMAIL + # SENTRY_EMAIL_HOST + # SENTRY_EMAIL_PORT + # SENTRY_EMAIL_USER + # SENTRY_EMAIL_PASSWORD + # SENTRY_EMAIL_USE_TLS + # SENTRY_ENABLE_EMAIL_REPLIES + # SENTRY_SMTP_HOSTNAME + # SENTRY_MAILGUN_API_KEY + # SENTRY_SINGLE_ORGANIZATION + # SENTRY_SECRET_KEY + # GITHUB_APP_ID + # GITHUB_API_SECRET + # BITBUCKET_CONSUMER_KEY + # BITBUCKET_CONSUMER_SECRET + from sentry.conf.server import * # NOQA + + import os + import os.path + + CONF_ROOT = os.path.dirname(__file__) + + postgres = env('SENTRY_POSTGRES_HOST') or (env('POSTGRES_PORT_5432_TCP_ADDR') and 'postgres') + if postgres: + DATABASES = { + 'default': { + 'ENGINE': 'sentry.db.postgres', + 'NAME': ( + env('SENTRY_DB_NAME') + or env('POSTGRES_ENV_POSTGRES_USER') + or 'postgres' + ), + 'USER': ( + env('SENTRY_DB_USER') + or env('POSTGRES_ENV_POSTGRES_USER') + or 'postgres' + ), + 'PASSWORD': ( + env('SENTRY_DB_PASSWORD') + or env('POSTGRES_ENV_POSTGRES_PASSWORD') + or '' + ), + 'HOST': postgres, + 'PORT': ( + env('SENTRY_POSTGRES_PORT') + or '' + ), + 'OPTIONS': { + 'autocommit': True, + }, + }, + } + + # You should not change this setting after your database has been created + # unless you have altered all schemas first + SENTRY_USE_BIG_INTS = True + + # If you're expecting any kind of real traffic on Sentry, we highly recommend + # configuring the CACHES and Redis settings + + ########### + # General # + ########### + + # Instruct Sentry that this install intends to be run by a single organization + # and thus various UI optimizations should be enabled. + SENTRY_SINGLE_ORGANIZATION = env('SENTRY_SINGLE_ORGANIZATION', True) + + ######### + # Redis # + ######### + + # Generic Redis configuration used as defaults for various things including: + # Buffers, Quotas, TSDB + + redis = env('SENTRY_REDIS_HOST') or (env('REDIS_PORT_6379_TCP_ADDR') and 'redis') + if not redis: + raise Exception('Error: REDIS_PORT_6379_TCP_ADDR (or SENTRY_REDIS_HOST) is undefined, did you forget to `--link` a redis container?') + + redis_password = env('SENTRY_REDIS_PASSWORD') or '' + redis_port = env('SENTRY_REDIS_PORT') or '6379' + redis_db = env('SENTRY_REDIS_DB') or '0' + + SENTRY_OPTIONS.update({ + 'redis.clusters': { + 'default': { + 'hosts': { + 0: { + 'host': redis, + 'password': redis_password, + 'port': redis_port, + 'db': redis_db, + }, + }, + }, + }, + }) + + ######### + # Cache # + ######### + + # Sentry currently utilizes two separate mechanisms. While CACHES is not a + # requirement, it will optimize several high throughput patterns. + + memcached = env('SENTRY_MEMCACHED_HOST') or (env('MEMCACHED_PORT_11211_TCP_ADDR') and 'memcached') + if memcached: + memcached_port = ( + env('SENTRY_MEMCACHED_PORT') + or '11211' + ) + CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': [memcached + ':' + memcached_port], + 'TIMEOUT': 3600, + } + } + + # A primary cache is required for things such as processing events + SENTRY_CACHE = 'sentry.cache.redis.RedisCache' + + ######### + # Queue # + ######### + + # See https://docs.getsentry.com/on-premise/server/queue/ for more + # information on configuring your queue broker and workers. Sentry relies + # on a Python framework called Celery to manage queues. + + rabbitmq = env('SENTRY_RABBITMQ_HOST') or (env('RABBITMQ_PORT_5672_TCP_ADDR') and 'rabbitmq') + + if rabbitmq: + BROKER_URL = ( + 'amqp://' + ( + env('SENTRY_RABBITMQ_USERNAME') + or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_USER') + or 'guest' + ) + ':' + ( + env('SENTRY_RABBITMQ_PASSWORD') + or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_PASS') + or 'guest' + ) + '@' + rabbitmq + '/' + ( + env('SENTRY_RABBITMQ_VHOST') + or env('RABBITMQ_ENV_RABBITMQ_DEFAULT_VHOST') + or '/' + ) + ) + else: + BROKER_URL = 'redis://:' + redis_password + '@' + redis + ':' + redis_port + '/' + redis_db + + + ############### + # Rate Limits # + ############### + + # Rate limits apply to notification handlers and are enforced per-project + # automatically. + + SENTRY_RATELIMITER = 'sentry.ratelimits.redis.RedisRateLimiter' + + ################## + # Update Buffers # + ################## + + # Buffers (combined with queueing) act as an intermediate layer between the + # database and the storage API. They will greatly improve efficiency on large + # numbers of the same events being sent to the API in a short amount of time. + # (read: if you send any kind of real data to Sentry, you should enable buffers) + + SENTRY_BUFFER = 'sentry.buffer.redis.RedisBuffer' + + ########## + # Quotas # + ########## + + # Quotas allow you to rate limit individual projects or the Sentry install as + # a whole. + + SENTRY_QUOTAS = 'sentry.quotas.redis.RedisQuota' + + ######## + # TSDB # + ######## + + # The TSDB is used for building charts as well as making things like per-rate + # alerts possible. + + SENTRY_TSDB = 'sentry.tsdb.redis.RedisTSDB' + + ########### + # Digests # + ########### + + # The digest backend powers notification summaries. + + SENTRY_DIGESTS = 'sentry.digests.backends.redis.RedisBackend' + + ################ + # File storage # + ################ + + # Uploaded media uses these `filestore` settings. The available + # backends are either `filesystem` or `s3`. + + SENTRY_OPTIONS['filestore.backend'] = 'filesystem' + SENTRY_OPTIONS['filestore.options'] = { + 'location': env('SENTRY_FILESTORE_DIR'), + } + + ############## + # Web Server # + ############## + + # If you're using a reverse SSL proxy, you should enable the X-Forwarded-Proto + # header and set `SENTRY_USE_SSL=1` + + if env('SENTRY_USE_SSL', False): + SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https') + SESSION_COOKIE_SECURE = True + CSRF_COOKIE_SECURE = True + SOCIAL_AUTH_REDIRECT_IS_HTTPS = True + + SENTRY_WEB_HOST = '0.0.0.0' + SENTRY_WEB_PORT = 9000 + SENTRY_WEB_OPTIONS = { + # 'workers': 3, # the number of web workers + } + + ############### + # Mail Server # + ############### + + + email = env('SENTRY_EMAIL_HOST') or (env('SMTP_PORT_25_TCP_ADDR') and 'smtp') + if email: + SENTRY_OPTIONS['mail.backend'] = 'smtp' + SENTRY_OPTIONS['mail.host'] = email + SENTRY_OPTIONS['mail.password'] = env('SENTRY_EMAIL_PASSWORD') or '' + SENTRY_OPTIONS['mail.username'] = env('SENTRY_EMAIL_USER') or '' + SENTRY_OPTIONS['mail.port'] = int(env('SENTRY_EMAIL_PORT') or 25) + SENTRY_OPTIONS['mail.use-tls'] = env('SENTRY_EMAIL_USE_TLS', False) + else: + SENTRY_OPTIONS['mail.backend'] = 'dummy' + + # The email address to send on behalf of + SENTRY_OPTIONS['mail.from'] = env('SENTRY_SERVER_EMAIL') or 'root@localhost' + + # If you're using mailgun for inbound mail, set your API key and configure a + # route to forward to /api/hooks/mailgun/inbound/ + SENTRY_OPTIONS['mail.mailgun-api-key'] = env('SENTRY_MAILGUN_API_KEY') or '' + + # If you specify a MAILGUN_API_KEY, you definitely want EMAIL_REPLIES + if SENTRY_OPTIONS['mail.mailgun-api-key']: + SENTRY_OPTIONS['mail.enable-replies'] = True + else: + SENTRY_OPTIONS['mail.enable-replies'] = env('SENTRY_ENABLE_EMAIL_REPLIES', False) + + if SENTRY_OPTIONS['mail.enable-replies']: + SENTRY_OPTIONS['mail.reply-hostname'] = env('SENTRY_SMTP_HOSTNAME') or '' + + # If this value ever becomes compromised, it's important to regenerate your + # SENTRY_SECRET_KEY. Changing this value will result in all current sessions + # being invalidated. + secret_key = env('SENTRY_SECRET_KEY') + if not secret_key: + raise Exception('Error: SENTRY_SECRET_KEY is undefined, run `generate-secret-key` and set to -e SENTRY_SECRET_KEY') + + if 'SENTRY_RUNNING_UWSGI' not in os.environ and len(secret_key) < 32: + print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!') + print('!! CAUTION !!') + print('!! Your SENTRY_SECRET_KEY is potentially insecure. !!') + print('!! We recommend at least 32 characters long. !!') + print('!! Regenerate with `generate-secret-key`. !!') + print('!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!') + + SENTRY_OPTIONS['system.secret-key'] = secret_key + + if 'GITHUB_APP_ID' in os.environ: + GITHUB_EXTENDED_PERMISSIONS = ['repo'] + GITHUB_APP_ID = env('GITHUB_APP_ID') + GITHUB_API_SECRET = env('GITHUB_API_SECRET') + + if 'BITBUCKET_CONSUMER_KEY' in os.environ: + BITBUCKET_CONSUMER_KEY = env('BITBUCKET_CONSUMER_KEY') + BITBUCKET_CONSUMER_SECRET = env('BITBUCKET_CONSUMER_SECRET') +{{ .Values.config.sentryConfPy | indent 4 }} diff --git a/stable/sentry/templates/cron-deployment.yaml b/stable/sentry/templates/cron-deployment.yaml index 47820e174a66..af5c542c01a5 100644 --- a/stable/sentry/templates/cron-deployment.yaml +++ b/stable/sentry/templates/cron-deployment.yaml @@ -11,6 +11,10 @@ spec: replicas: {{ .Values.cron.replicacount }} template: metadata: + {{- if .Values.cron.podAnnotations }} + annotations: +{{ toYaml .Values.cron.podAnnotations | indent 8 }} + {{- end }} labels: app: {{ template "fullname" . }} release: "{{ .Release.Name }}" @@ -55,7 +59,11 @@ spec: - name: SENTRY_DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.postgresql.existingSecret }} + name: {{ .Values.postgresql.existingSecret }} + {{- else }} name: {{ template "postgresql.fullname" . }} + {{- end }} key: postgres-password - name: SENTRY_POSTGRES_HOST value: {{ template "postgresql.fullname" . }} @@ -64,10 +72,14 @@ spec: - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.redis.existingSecret }} + name: {{ .Values.redis.existingSecret }} + {{- else }} name: {{ template "redis.fullname" . }} + {{- end }} key: redis-password - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }} + value: {{ template "redis.fullname" . }}-master - name: SENTRY_REDIS_PORT value: "6379" - name: SENTRY_EMAIL_HOST @@ -88,5 +100,13 @@ spec: {{- if .Values.cron.env }} {{ toYaml .Values.cron.env | indent 8 }} {{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true resources: {{ toYaml .Values.cron.resources | indent 12 }} + volumes: + - name: config + configMap: + name: {{ template "fullname" . }} diff --git a/stable/sentry/templates/hooks/db-init.job.yaml b/stable/sentry/templates/hooks/db-init.job.yaml index 4c649cd09d48..0abb0b98b78f 100644 --- a/stable/sentry/templates/hooks/db-init.job.yaml +++ b/stable/sentry/templates/hooks/db-init.job.yaml @@ -43,7 +43,11 @@ spec: - name: SENTRY_DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.postgresql.existingSecret }} + name: {{ .Values.postgresql.existingSecret }} + {{- else }} name: {{ template "postgresql.fullname" . }} + {{- end }} key: postgres-password - name: SENTRY_POSTGRES_HOST value: {{ template "postgresql.fullname" . }} @@ -52,10 +56,14 @@ spec: - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.redis.existingSecret }} + name: {{ .Values.redis.existingSecret }} + {{- else }} name: {{ template "redis.fullname" . }} + {{- end }} key: redis-password - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }} + value: {{ template "redis.fullname" . }}-master - name: SENTRY_REDIS_PORT value: "6379" - name: SENTRY_EMAIL_HOST @@ -73,3 +81,11 @@ spec: value: {{ .Values.email.use_tls | quote }} - name: SENTRY_SERVER_EMAIL value: {{ .Values.email.from_address | quote }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + volumes: + - name: config + configMap: + name: {{ template "fullname" . }} diff --git a/stable/sentry/templates/hooks/user-create.job.yaml b/stable/sentry/templates/hooks/user-create.job.yaml index ca23481dfe0a..a8754897f14a 100644 --- a/stable/sentry/templates/hooks/user-create.job.yaml +++ b/stable/sentry/templates/hooks/user-create.job.yaml @@ -43,7 +43,11 @@ spec: - name: SENTRY_DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.postgresql.existingSecret }} + name: {{ .Values.postgresql.existingSecret }} + {{- else }} name: {{ template "postgresql.fullname" . }} + {{- end }} key: postgres-password - name: SENTRY_POSTGRES_HOST value: {{ template "postgresql.fullname" . }} @@ -52,10 +56,14 @@ spec: - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.redis.existingSecret }} + name: {{ .Values.redis.existingSecret }} + {{- else }} name: {{ template "redis.fullname" . }} + {{- end }} key: redis-password - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }} + value: {{ template "redis.fullname" . }}-master - name: SENTRY_REDIS_PORT value: "6379" - name: SENTRY_EMAIL_HOST @@ -78,4 +86,12 @@ spec: value: {{ .Values.email.use_tls | quote }} - name: SENTRY_SERVER_EMAIL value: {{ .Values.email.from_address | quote }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true + volumes: + - name: config + configMap: + name: {{ template "fullname" . }} {{- end -}} diff --git a/stable/sentry/templates/web-deployment.yaml b/stable/sentry/templates/web-deployment.yaml index b4ad4f847025..8f2e600ae87d 100644 --- a/stable/sentry/templates/web-deployment.yaml +++ b/stable/sentry/templates/web-deployment.yaml @@ -11,6 +11,10 @@ spec: replicas: {{ .Values.web.replicacount }} template: metadata: + {{- if .Values.web.podAnnotations }} + annotations: +{{ toYaml .Values.web.podAnnotations | indent 8 }} + {{- end }} labels: app: {{ template "fullname" . }} release: "{{ .Release.Name }}" @@ -54,7 +58,11 @@ spec: - name: SENTRY_DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.postgresql.existingSecret }} + name: {{ .Values.postgresql.existingSecret }} + {{- else }} name: {{ template "postgresql.fullname" . }} + {{- end }} key: postgres-password - name: SENTRY_POSTGRES_HOST value: {{ template "postgresql.fullname" . }} @@ -63,10 +71,14 @@ spec: - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.redis.existingSecret }} + name: {{ .Values.redis.existingSecret }} + {{- else }} name: {{ template "redis.fullname" . }} + {{- end }} key: redis-password - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }} + value: {{ template "redis.fullname" . }}-master - name: SENTRY_REDIS_PORT value: "6379" - name: SENTRY_EMAIL_HOST @@ -88,6 +100,9 @@ spec: {{ toYaml .Values.web.env | indent 8 }} {{- end }} volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true - mountPath: {{ .Values.persistence.filestore_dir }} name: sentry-data livenessProbe: @@ -113,6 +128,9 @@ spec: resources: {{ toYaml .Values.web.resources | indent 12 }} volumes: + - name: config + configMap: + name: {{ template "fullname" . }} - name: sentry-data {{- if .Values.persistence.enabled }} persistentVolumeClaim: diff --git a/stable/sentry/templates/workers-deployment.yaml b/stable/sentry/templates/workers-deployment.yaml index 231883195243..843078296dd7 100644 --- a/stable/sentry/templates/workers-deployment.yaml +++ b/stable/sentry/templates/workers-deployment.yaml @@ -11,6 +11,10 @@ spec: replicas: {{ .Values.worker.replicacount }} template: metadata: + {{- if .Values.worker.podAnnotations }} + annotations: +{{ toYaml .Values.worker.podAnnotations | indent 8 }} + {{- end }} labels: app: {{ template "fullname" . }} release: "{{ .Release.Name }}" @@ -55,7 +59,11 @@ spec: - name: SENTRY_DB_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.postgresql.existingSecret }} + name: {{ .Values.postgresql.existingSecret }} + {{- else }} name: {{ template "postgresql.fullname" . }} + {{- end }} key: postgres-password - name: SENTRY_POSTGRES_HOST value: {{ template "postgresql.fullname" . }} @@ -64,10 +72,14 @@ spec: - name: SENTRY_REDIS_PASSWORD valueFrom: secretKeyRef: + {{- if .Values.redis.existingSecret }} + name: {{ .Values.redis.existingSecret }} + {{- else }} name: {{ template "redis.fullname" . }} + {{- end }} key: redis-password - name: SENTRY_REDIS_HOST - value: {{ template "redis.fullname" . }} + value: {{ template "redis.fullname" . }}-master - name: SENTRY_REDIS_PORT value: "6379" - name: SENTRY_EMAIL_HOST @@ -88,5 +100,13 @@ spec: {{- if .Values.worker.env }} {{ toYaml .Values.worker.env | indent 8 }} {{- end }} + volumeMounts: + - mountPath: /etc/sentry + name: config + readOnly: true resources: {{ toYaml .Values.worker.resources | indent 12 }} + volumes: + - name: config + configMap: + name: {{ template "fullname" . }} diff --git a/stable/sentry/values.yaml b/stable/sentry/values.yaml index 2f5708ed2cf8..f84d5aef0684 100644 --- a/stable/sentry/values.yaml +++ b/stable/sentry/values.yaml @@ -3,7 +3,7 @@ # Declare variables to be passed into your templates. image: repository: sentry - tag: "8.22" + tag: "9.0" pullPolicy: IfNotPresent # Add the secret name to pull from a private registry. imagePullSecrets: [] @@ -149,3 +149,7 @@ postgresql: redis: persistence: enabled: true + +config: + configYml: "" + sentryConfPy: ""