Upgrade Tornjak to new image v1.2.1 (#299)

This upgrade enables the production version of React in Tornjak Frontend
with a smaller footprint and faster startup time.

Using Tornjak v1.2.1 release
https://github.com/spiffe/tornjak/releases/tag/v1.2.1

---------

Signed-off-by: Mariusz Sabath <mrsabath@gmail.com>

charts/spire/README.md

@@ -371,8 +371,10 @@ Kubernetes: `>=1.21.0-0`
 | spire-server.topologySpreadConstraints | list | `[]` |  |
 | spire-server.tornjak.config.dataStore | object | `{"driver":"sqlite3","file":"/run/spire/data/tornjak.sqlite3"}` | persistent DB for storing Tornjak specific information |
 | spire-server.tornjak.enabled | bool | `false` | Deploys Tornjak API (backend) (Not for production) |
-| spire-server.tornjak.image | object | `{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"spiffe/tornjak-backend","tag":"v1.2.0","version":""}` | Tornjak API image |
-| spire-server.tornjak.image.tag | string | `"v1.2.0"` | Overrides the image tag |
+| spire-server.tornjak.image.pullPolicy | string | `"IfNotPresent"` | The Tornjak image pull policy |
+| spire-server.tornjak.image.registry | string | `"ghcr.io"` | The OCI registry to pull the Tornjak image from |
+| spire-server.tornjak.image.repository | string | `"spiffe/tornjak-backend"` | The repository within the registry |
+| spire-server.tornjak.image.tag | string | `"v1.2.1"` | Overrides the image tag |
 | spire-server.tornjak.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) |
 | spire-server.tornjak.resources | object | `{}` |  |
 | spire-server.tornjak.service.annotations | object | `{}` |  |
@@ -415,6 +417,12 @@ Kubernetes: `>=1.21.0-0`
 | tornjak-frontend.serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | tornjak-frontend.serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | tornjak-frontend.spireHealthCheck.enabled | bool | `true` | Enables the SPIRE Healthchecker indicator |
+| tornjak-frontend.startupProbe.enabled | bool | `true` | Enable startupProbe on Tornjak frontend container |
+| tornjak-frontend.startupProbe.failureThreshold | int | `6` | Failure threshold for startupProbe |
+| tornjak-frontend.startupProbe.initialDelaySeconds | int | `5` | Initial delay seconds for startupProbe |
+| tornjak-frontend.startupProbe.periodSeconds | int | `10` | Period seconds for startupProbe |
+| tornjak-frontend.startupProbe.successThreshold | int | `1` | Success threshold for startupProbe |
+| tornjak-frontend.startupProbe.timeoutSeconds | int | `5` | Timeout seconds for startupProbe |
 | tornjak-frontend.tolerations | list | `[]` |  |
 | tornjak-frontend.topologySpreadConstraints | list | `[]` |  |
 

charts/spire/charts/spire-server/README.md

@@ -125,8 +125,10 @@ A Helm chart to install the SPIRE server.
 | topologySpreadConstraints | list | `[]` |  |
 | tornjak.config.dataStore | object | `{"driver":"sqlite3","file":"/run/spire/data/tornjak.sqlite3"}` | persistent DB for storing Tornjak specific information |
 | tornjak.enabled | bool | `false` | Deploys Tornjak API (backend) (Not for production) |
-| tornjak.image | object | `{"pullPolicy":"IfNotPresent","registry":"ghcr.io","repository":"spiffe/tornjak-backend","tag":"v1.2.0","version":""}` | Tornjak API image |
-| tornjak.image.tag | string | `"v1.2.0"` | Overrides the image tag |
+| tornjak.image.pullPolicy | string | `"IfNotPresent"` | The Tornjak image pull policy |
+| tornjak.image.registry | string | `"ghcr.io"` | The OCI registry to pull the Tornjak image from |
+| tornjak.image.repository | string | `"spiffe/tornjak-backend"` | The repository within the registry |
+| tornjak.image.tag | string | `"v1.2.1"` | Overrides the image tag |
 | tornjak.image.version | string | `""` | This value is deprecated in favor of tag. (Will be removed in a future release) |
 | tornjak.resources | object | `{}` |  |
 | tornjak.service.annotations | object | `{}` |  |

charts/spire/charts/spire-server/templates/statefulset.yaml

@@ -174,9 +174,9 @@ spec:
             successThreshold: 1
             timeoutSeconds: 5
           args:
-            - -c
+            - --spire-config
             - /run/spire/config/server.conf
-            - -t
+            - --tornjak-config
             - /run/spire/tornjak-config/server.conf
           ports:
             - name: tornjak

charts/spire/charts/spire-server/templates/tornjak-config.yaml

@@ -7,7 +7,12 @@ metadata:
 data:
   server.conf: |
     server {
-      metadata = "insert metadata"
+      spire_socket_path = "unix:///tmp/spire-server/private/api.sock" # socket to communicate with SPIRE server
+
+      http {
+        enabled = true # if true, opens HTTP server
+        port = "10000" # if HTTP enabled, opens HTTP listen port at container port 10000
+      }
     }
 
     plugins {

charts/spire/charts/spire-server/values.yaml

@@ -311,15 +311,17 @@ nodeAttestor:
 tornjak:
   # -- Deploys Tornjak API (backend) (Not for production)
   enabled: false
-  # -- Tornjak API image
   image:
+    # -- The OCI registry to pull the Tornjak image from
     registry: ghcr.io
+    # -- The repository within the registry
     repository: spiffe/tornjak-backend
+    # -- The Tornjak image pull policy
     pullPolicy: IfNotPresent
     # -- This value is deprecated in favor of tag. (Will be removed in a future release)
     version: ""
     # -- Overrides the image tag
-    tag: "v1.2.0"
+    tag: "v1.2.1"
   service:
     type: ClusterIP
     port: 10000

charts/spire/charts/tornjak-frontend/Chart.yaml

@@ -3,7 +3,7 @@ name: tornjak-frontend
 description: A Helm chart to deploy Tornjak frontend
 type: application
 version: 0.1.0
-appVersion: "v1.2.0"
+appVersion: "v1.2.1"
 home: https://github.com/spiffe/helm-charts/tree/main/charts/spire
 sources:
   - https://github.com/spiffe/tornjak

charts/spire/charts/tornjak-frontend/README.md

@@ -2,7 +2,7 @@
 
 <!-- This README.md is generated. Please edit README.md.gotmpl -->
 
-![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.2.0](https://img.shields.io/badge/AppVersion-v1.2.0-informational?style=flat-square)
+![Version: 0.1.0](https://img.shields.io/badge/Version-0.1.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: v1.2.1](https://img.shields.io/badge/AppVersion-v1.2.1-informational?style=flat-square)
 [![Development Phase](https://github.com/spiffe/spiffe/blob/main/.img/maturity/dev.svg)](https://github.com/spiffe/spiffe/blob/main/MATURITY.md#development)
 
 A Helm chart to deploy Tornjak frontend
@@ -71,6 +71,12 @@ port forwarding. See the chart NOTES output for more details.
 | serviceAccount.create | bool | `true` | Specifies whether a service account should be created |
 | serviceAccount.name | string | `""` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |
 | spireHealthCheck.enabled | bool | `true` | Enables the SPIRE Healthchecker indicator |
+| startupProbe.enabled | bool | `true` | Enable startupProbe on Tornjak frontend container |
+| startupProbe.failureThreshold | int | `6` | Failure threshold for startupProbe |
+| startupProbe.initialDelaySeconds | int | `5` | Initial delay seconds for startupProbe |
+| startupProbe.periodSeconds | int | `10` | Period seconds for startupProbe |
+| startupProbe.successThreshold | int | `1` | Success threshold for startupProbe |
+| startupProbe.timeoutSeconds | int | `5` | Timeout seconds for startupProbe |
 | tolerations | list | `[]` |  |
 | topologySpreadConstraints | list | `[]` |  |
 ----------------------------------------------

charts/spire/charts/tornjak-frontend/templates/deployment.yaml

@@ -39,18 +39,20 @@ spec:
             - name: REACT_APP_SPIRE_HEALTH_CHECK_ENABLE
               value: "{{ .Values.spireHealthCheck.enabled }}"
             {{- end }}
+          {{- if .Values.startupProbe.enabled }}
           startupProbe:
             httpGet:
               scheme: HTTP
               port: {{ .Values.service.port }}
-            failureThreshold: 6
-            initialDelaySeconds: 120
-            periodSeconds: 45
-            successThreshold: 1
-            timeoutSeconds: 20
+            failureThreshold: {{ .Values.startupProbe.failureThreshold }}
+            initialDelaySeconds: {{ .Values.startupProbe.initialDelaySeconds }}
+            periodSeconds: {{ .Values.startupProbe.periodSeconds }}
+            successThreshold: {{ .Values.startupProbe.successThreshold }}
+            timeoutSeconds: {{ .Values.startupProbe.timeoutSeconds }}
+          {{- end }}
           volumeMounts:
             - name: cache
-              mountPath: /usr/src/app/node_modules/.cache
+              mountPath: /usr/src/app/
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

charts/spire/charts/tornjak-frontend/values.yaml

@@ -71,3 +71,20 @@ apiServerURL: "http://localhost:10000/"  # 👈 Use it for minikube or kind
 spireHealthCheck:
   # -- Enables the SPIRE Healthchecker indicator
   enabled: true
+
+## Configure extra options for Tornjak frontend container's startup probe
+## ref: https://kubernetes.io/docs/tasks/configure-pod-container/configure-liveness-readiness-startup-probes/#define-startup-probes
+##
+startupProbe:
+  # -- Enable startupProbe on Tornjak frontend container
+  enabled: true
+  # -- Initial delay seconds for startupProbe
+  initialDelaySeconds: 5
+  # -- Period seconds for startupProbe
+  periodSeconds: 10
+  # -- Timeout seconds for startupProbe
+  timeoutSeconds: 5
+  # -- Failure threshold for startupProbe
+  failureThreshold: 6
+  # -- Success threshold for startupProbe
+  successThreshold: 1