Merge branch 'master' into add-securitycontext-to-init-container

concourse · Oct 31, 2023 · 8949053 · 8949053
2 parents 3bd3226 + d27fc91
commit 8949053
Show file tree

Hide file tree

Showing 8 changed files with 108 additions and 7 deletions.
diff --git a/Chart.yaml b/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 name: concourse
 type: application
-version: 17.2.0
-appVersion: 7.9.0
+version: 17.2.1
+appVersion: 7.11.0
 description: Concourse is a simple and scalable CI system.
 icon: https://avatars1.githubusercontent.com/u/7809479
 keywords:

diff --git a/README.md b/README.md
@@ -87,13 +87,14 @@ The following table lists the configurable parameters of the Concourse chart and
 | `imageDigest` | Specific image digest to use in place of a tag. | `nil` |
 | `imagePullPolicy` | Concourse image pull policy | `IfNotPresent` |
 | `imagePullSecrets` | Array of imagePullSecrets in the namespace for pulling images | `[]` |
-| `imageTag` | Concourse image version | `7.9.0` |
+| `imageTag` | Concourse image version | `7.11.0` |
 | `image` | Concourse image | `concourse/concourse` |
 | `nameOverride` | Provide a name in place of `concourse` for `app:` labels | `nil` |
 | `persistence.enabled` | Enable Concourse persistence using Persistent Volume Claims | `true` |
 | `persistence.worker.accessMode` | Concourse Worker Persistent Volume Access Mode | `ReadWriteOnce` |
 | `persistence.worker.size` | Concourse Worker Persistent Volume Storage Size | `20Gi` |
 | `persistence.worker.storageClass` | Concourse Worker Persistent Volume Storage Class | `generic` |
+| `persistence.worker.labels` | Concourse Worker Persistent Volume Labels | `{}` |
 | `postgresql.enabled` | Enable PostgreSQL as a chart dependency | `true` |
 | `postgresql.persistence.accessModes` | Persistent Volume Access Mode | `["ReadWriteOnce"]` |
 | `postgresql.persistence.enabled` | Enable PostgreSQL persistence using Persistent Volume Claims | `true` |
@@ -199,6 +200,7 @@ The following table lists the configurable parameters of the Concourse chart and
 | `web.ingress.tls` | Concourse Web Ingress TLS configuration | `[]` |
 | `web.keySecretsPath` | Specify the mount directory of the web keys secrets | `/concourse-keys` |
 | `web.labels`| Additional labels to be added to the web deployment `metadata.labels` | `{}` |
+| `web.deploymentAnnotations` | Additional annotations to be added to the web deployment `metadata.annotations` | `{}` |
 | `web.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` |
 | `web.livenessProbe.httpGet.path` | Path to access on the HTTP server when performing the healthcheck | `/api/v1/info` |
 | `web.livenessProbe.httpGet.port` | Name or number of the port to access on the container | `atc` |
@@ -250,6 +252,7 @@ The following table lists the configurable parameters of the Concourse chart and
 | `web.vaultSecretsPath` | Specify the mount directory of the web vault secrets | `/concourse-vault` |
 | `worker.additionalAffinities` | Additional affinities to apply to worker pods. E.g: node affinity | `{}` |
 | `worker.additionalVolumeMounts` | VolumeMounts to be added to the worker pods | `nil` |
+| `worker.additionalPorts` | Additional ports to be added to worker pods | `[]` |
 | `worker.additionalVolumes` | Volumes to be added to the worker pods | `nil` |
 | `worker.annotations` | Annotations to be added to the worker pods | `{}` |
 | `worker.autoscaling` | Enable and configure pod autoscaling | `{}` |
@@ -260,6 +263,7 @@ The following table lists the configurable parameters of the Concourse chart and
 | `worker.hardAntiAffinity` | Should the workers be forced (as opposed to preferred) to be on different nodes? | `false` |
 | `worker.hardAntiAffinityLabels` | Set of labels used for hard anti affinity rule | `{}` |
 | `worker.keySecretsPath` | Specify the mount directory of the worker keys secrets | `/concourse-keys` |
+| `worker.deploymentAnnotations` | Additional annotations to be added to the worker deployment `metadata.annotations` | `{}` |
 | `worker.certsPath` | Specify the path for additional worker certificates | `/etc/ssl/certs` |
 | `worker.kind` | Choose between `StatefulSet` to preserve state or `Deployment` for ephemeral workers | `StatefulSet` |
 | `worker.livenessProbe.failureThreshold` | Minimum consecutive failures for the probe to be considered failed after having succeeded | `5` |

diff --git a/templates/web-deployment.yaml b/templates/web-deployment.yaml
@@ -3,6 +3,10 @@ apiVersion: {{ template "concourse.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ template "concourse.web.fullname" . }}
+  {{- if .Values.web.deploymentAnnotations }}
+  annotations:
+{{ toYaml .Values.web.deploymentAnnotations | indent 4 }}
+  {{- end }}
   labels:
     app: {{ template "concourse.web.fullname" . }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
@@ -115,6 +119,10 @@ spec:
             - name: CONCOURSE_DEFAULT_TASK_TIMEOUT
               value: {{ .Values.concourse.web.defaultTaskTimeout | quote }}
             {{- end }}
+            {{- if .Values.concourse.web.numGoroutineThreshold }}
+            - name: CONCOURSE_NUM_GOROUTINE_THRESHOLD
+              value: {{ .Values.concourse.web.numGoroutineThreshold | quote }}
+            {{- end }}
             {{- if .Values.concourse.web.apiMaxConns }}
             - name: CONCOURSE_API_MAX_CONNS
               value: {{ .Values.concourse.web.apiMaxConns | quote }}
@@ -363,6 +371,10 @@ spec:
             - name: CONCOURSE_STREAMING_ARTIFACTS_COMPRESSION
               value: {{ .Values.concourse.web.streamingArtifactsCompression | quote }}
             {{- end }}
+            {{- if .Values.concourse.web.streamingSizeLimitation }}
+            - name: CONCOURSE_STREAMING_SIZE_LIMITATION
+              value: {{ .Values.concourse.web.streamingSizeLimitation | quote }}
+            {{- end }}
             {{- if .Values.concourse.web.debugBindIp }}
             - name: CONCOURSE_DEBUG_BIND_IP
               value: {{ .Values.concourse.web.debugBindIp | quote }}
@@ -480,6 +492,14 @@ spec:
             - name: CONCOURSE_DEFAULT_TASK_MEMORY_LIMIT
               value: {{ .Values.concourse.web.defaultTaskMemoryLimit | quote }}
             {{- end }}
+            {{- if .Values.concourse.web.numGoroutineThreshold }}
+            - name: CONCOURSE_NUM_GOROUTINE_THRESHOLD
+              value: {{ .Values.concourse.web.numGoroutineThreshold | quote }}
+            {{- end }}
+            {{- if .Values.concourse.web.dbNotificationBusQueueSize }}
+            - name: CONCOURSE_DB_NOTIFICATION_BUS_QUEUE_SIZE
+              value: {{ .Values.concourse.web.dbNotificationBusQueueSize | quote }}
+            {{- end }}
 {{- include "concourse.postgresql.env" . | indent 12 }}
             {{- if .Values.concourse.web.kubernetes.enabled }}
             - name: CONCOURSE_KUBERNETES_IN_CLUSTER

diff --git a/templates/worker-deployment.yaml b/templates/worker-deployment.yaml
@@ -4,6 +4,10 @@ apiVersion: {{ template "concourse.deployment.apiVersion" . }}
 kind: Deployment
 metadata:
   name: {{ template "concourse.worker.fullname" . }}
+  {{- if .Values.worker.deploymentAnnotations }}
+  annotations:
+{{ toYaml .Values.worker.deploymentAnnotations | indent 4 }}
+  {{- end }}
   labels:
     app: {{ template "concourse.worker.fullname" . }}
     chart: "{{ .Chart.Name }}-{{ .Chart.Version }}"
@@ -90,6 +94,9 @@ spec:
           ports:
             - name: worker-hc
               containerPort: {{ .Values.concourse.worker.healthcheckBindPort }}
+{{- if .Values.worker.additionalPorts }}
+{{ toYaml .Values.worker.additionalPorts | indent 12 }}
+{{- end }}
 {{- if .Values.worker.resources }}
           resources:
 {{ toYaml .Values.worker.resources | indent 12 }}

diff --git a/templates/worker-horizontal-pod-autoscaler.yaml b/templates/worker-horizontal-pod-autoscaler.yaml
@@ -1,6 +1,10 @@
 {{- if  .Values.concourse.worker.autoscaling }}
   {{- if .Values.concourse.worker.autoscaling.maxReplicas }}
+{{- if semverCompare ">=1.23-0" .Capabilities.KubeVersion.GitVersion -}}
+apiVersion: autoscaling/v2
+{{- else -}}
 apiVersion: autoscaling/v2beta2
+{{- end }}
 kind: HorizontalPodAutoscaler
 metadata:
   name: {{ template "concourse.worker.fullname" . }}
@@ -29,4 +33,3 @@ spec:
     name: {{ template "concourse.worker.fullname" . }}
   {{- end }}
 {{- end }}
-
diff --git a/templates/worker-policy.yaml b/templates/worker-policy.yaml
@@ -1,5 +1,9 @@
 {{- if .Values.worker.enabled -}}
+{{- if semverCompare ">=1.21-0" .Capabilities.KubeVersion.GitVersion -}}
 apiVersion: policy/v1
+{{- else -}}
+apiVersion: policy/v1beta1
+{{- end }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ template "concourse.worker.fullname" . }}

diff --git a/templates/worker-statefulset.yaml b/templates/worker-statefulset.yaml
@@ -53,11 +53,13 @@ spec:
       {{- if .Values.worker.terminationGracePeriodSeconds }}
       terminationGracePeriodSeconds: {{ .Values.worker.terminationGracePeriodSeconds }}
       {{- end }}
-      {{- if .Values.worker.cleanUpWorkDirOnStart }}
+      {{- if or .Values.worker.cleanUpWorkDirOnStart .Values.worker.extraInitContainers }}
       initContainers:
+      {{- end }}
       {{- if .Values.worker.extraInitContainers }}
       {{- toYaml .Values.worker.extraInitContainers | nindent 8 }}
       {{- end }}
+      {{- if .Values.worker.cleanUpWorkDirOnStart }}
         - name: {{ template "concourse.worker.fullname" . }}-init-rm
           {{- if .Values.imageDigest }}
           image: "{{ .Values.image }}@{{ .Values.imageDigest }}"
@@ -115,6 +117,9 @@ spec:
           ports:
             - name: worker-hc
               containerPort: {{ .Values.concourse.worker.healthcheckBindPort }}
+{{- if .Values.worker.additionalPorts }}
+{{ toYaml .Values.worker.additionalPorts | indent 12 }}
+{{- end }}
 {{- if .Values.worker.resources }}
           resources:
 {{ toYaml .Values.worker.resources | indent 12 }}
@@ -195,6 +200,12 @@ spec:
   volumeClaimTemplates:
     - metadata:
         name: concourse-work-dir
+      {{- if .Values.persistence.worker.labels }}
+        labels:
+      {{- with .Values.persistence.worker.labels }}
+{{ toYaml . | trim | indent 10 }}
+      {{- end }}
+      {{- end }}
       spec:
       {{- if .Values.persistence.worker.selector }}
         selector: {{- .Values.persistence.worker.selector | toYaml | nindent 10 }}

diff --git a/values.yaml b/values.yaml
@@ -21,7 +21,7 @@ image: concourse/concourse
 ##      of `concourse/concourse`.
 ## Ref: https://hub.docker.com/r/concourse/concourse/tags/
 ##
-imageTag: "7.9.0"
+imageTag: "7.11.0"
 
 ## Specific image digest to use in place of a tag.
 ## Ref: https://kubernetes.io/docs/concepts/configuration/overview/#container-images
@@ -92,6 +92,12 @@ concourse:
     ##
     defaultTaskTimeout:
 
+    ## Work will be distributed to other ATCs when this number of go routines is reached.
+    ##
+    ## Example: 50000
+    ##
+    numGoroutineThreshold:
+
     ## The maximum number of open connections for the API connection pool.
     ##
     apiMaxConns:
@@ -314,10 +320,14 @@ concourse:
     ##
     baseResourceTypeDefaults: ""
 
-    ## Compression to use when streaming artifacts (values: zstd, gzip)
+    ## Compression to use when streaming artifacts (values: zstd, gzip, raw)
     ##
     streamingArtifactsCompression:
 
+    ## Internal volume streaming size limitation in MB. In case of small limitation
+    ## needed, float can be used like 0.01.
+    streamingSizeLimitation:
+
     ## Method by which a worker is selected during container placement.
     ## Possible values: volume-locality | random | fewest-build-containers | limit-active-tasks | limit-active-containers | limit-active-volumes
     containerPlacementStrategy: volume-locality
@@ -439,6 +449,13 @@ concourse:
     ##
     defaultTaskMemoryLimit:
 
+    ## Work will be distributed to other ATCs when this number of go routines is reached.
+    numGoroutineThreshold:
+
+    ## DB notification bus queue size, default is 10000. If UI often misses loading
+    ## running build logs, then consider to increase the queue size.
+    dbNotificationBusQueueSize: 10000
+
     ## The number of days after which a pipeline will be automatically paused #
     ## if none of its jobs have run in less than the given number of days. A #
     ## value of zero disables this component. If not set the component is
@@ -2146,6 +2163,17 @@ web:
   ##
   labels: {}
 
+  ## Additional Annotations to be added to the web deployment
+  ## Per Kubernetes spec, the values of each annotation must be a string.
+  ##
+  ## Example:
+  ##   key1: "value1"
+  ##   key2: "value2"
+  ##
+  ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  deploymentAnnotations: {}
+
   ## Additional Labels to be added to the web pods.
   ##
   ## Example:
@@ -2473,6 +2501,27 @@ worker:
   ##     mountPath: /baggageclaim
   ##
   additionalVolumeMounts: []
+
+  ## Additional ports to be added to worker pods
+  ## Example:
+  ##   - containerPort: 7788
+  ##     name: worker-bc
+  ##     protocol: TCP
+  ##
+  ## Ref: https://kubernetes.io/docs/concepts/workloads/pods/
+  ##
+  additionalPorts: []
+
+  ## Additional Annotations to be added to the web deployment
+  ## Per Kubernetes spec, the values of each annotation must be a string.
+  ##
+  ## Example:
+  ##   key1: "value1"
+  ##   key2: "value2"
+  ##
+  ## Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/
+  ##
+  deploymentAnnotations: {}
 
   ## Additional Labels to be added to the worker pods.
   ##
@@ -2634,6 +2683,9 @@ persistence:
     #   matchLabels:
     #     app-volume: "concourse"
 
+    # Add labels to worker volumeClaimTemplate
+    labels: {}
+
 ## Configuration values for the postgresql dependency.
 ## Ref: https://artifacthub.io/packages/helm/bitnami/postgresql/11.9.8
 ##