Skip to content

Helm changes #5251

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 1 commit into from
Closed

Helm changes #5251

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions deployment/helm/charts/onyx/templates/_helpers.tpl
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -81,3 +81,19 @@ Create env vars from secrets
{{- end }}
{{- end }}

{{/*
Define postgres host
*/}}
{{- define "onyx-stack.postgresHost" -}}
{{- if and .Values.postgres (hasKey .Values.postgres "host") -}}
{{- $host := .Values.postgres.host | trim -}}
{{- if eq $host "" -}}
{{ printf "%s-postgresql" .Release.Name }}
{{- else -}}
{{ $host }}
{{- end -}}
{{- else -}}
{{ printf "%s-postgresql" .Release.Name }}
{{- end -}}
{{- end }}

8 changes: 0 additions & 8 deletions deployment/helm/charts/onyx/templates/api-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,11 +57,3 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.api.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.api.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
14 changes: 3 additions & 11 deletions deployment/helm/charts/onyx/templates/celery-beat.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -30,11 +30,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_beat.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined values .Values.celery_beat.podSecurityContext and .Values.celery_beat.securityContext

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-beat.yaml at line 33:

<comment>Template references undefined values .Values.celery_beat.podSecurityContext and .Values.celery_beat.securityContext</comment>

<file context>
@@ -30,11 +30,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_beat.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-beat
</file context>

containers:
- name: celery-beat
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_beat.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined value .Values.celery_beat.securityContext

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-beat.yaml at line 37:

<comment>Template references undefined value .Values.celery_beat.securityContext</comment>

<file context>
@@ -30,11 +30,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_beat.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-beat
           securityContext:
-            {{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
</file context>

image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -52,10 +52,6 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_beat.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -77,8 +73,4 @@ spec:
- >
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_beat_liveness.txt
{{- with .Values.celery_beat.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
--filename /tmp/onyx_k8s_beat_liveness.txt
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

style: File missing newline at end - should end with a newline character for consistency

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

File should end with a newline character

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-beat.yaml at line 76:

<comment>File should end with a newline character</comment>

<file context>
@@ -77,8 +73,4 @@ spec:
                 - &gt;
                     python onyx/background/celery/celery_k8s_probe.py
                     --probe liveness
-                    --filename /tmp/onyx_k8s_beat_liveness.txt
-      {{- with .Values.celery_beat.volumes }}
-      volumes:
-        {{- toYaml . | nindent 8 }}
-      {{- end }}
+                    --filename /tmp/onyx_k8s_beat_liveness.txt
</file context>
Suggested change
--filename /tmp/onyx_k8s_beat_liveness.txt
--filename /tmp/onyx_k8s_beat_liveness.txt

18 changes: 5 additions & 13 deletions deployment/helm/charts/onyx/templates/celery-worker-docfetching.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_worker_docfetching.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security context reference points to undefined field in values.yaml

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-docfetching.yaml at line 35:

<comment>Security context reference points to undefined field in values.yaml</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_docfetching.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-docfetching
</file context>
Suggested change
{{- toYaml .Values.celery_worker_docfetching.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}

containers:
- name: celery-worker-docfetching
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_worker_docfetching.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Container security context reference points to undefined field in values.yaml

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-docfetching.yaml at line 39:

<comment>Container security context reference points to undefined field in values.yaml</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_docfetching.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-docfetching
           securityContext:
-            {{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
</file context>
Suggested change
{{- toYaml .Values.celery_worker_docfetching.securityContext | nindent 12 }}
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}

image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -46,12 +46,12 @@ spec:
"onyx.background.celery.versioned_apps.docfetching",
"worker",
"--pool=threads",
"--concurrency=2",
"--concurrency=12",
"--prefetch-multiplier=1",
"--loglevel=INFO",
"--hostname=docfetching@%n",
"-Q",
"connector_doc_fetching,user_files_indexing",
"connector_doc_fetching",
]
resources:
{{- toYaml .Values.celery_worker_docfetching.resources | nindent 12 }}
Expand All @@ -60,10 +60,6 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_worker_docfetching.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -85,8 +81,4 @@ spec:
- >
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_docfetching_liveness.txt
{{- with .Values.celery_worker_docfetching.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
--filename /tmp/onyx_k8s_docfetching_liveness.txt
12 changes: 2 additions & 10 deletions deployment/helm/charts/onyx/templates/celery-worker-docprocessing.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_worker_docprocessing.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined security context values that will cause Helm deployment failure

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-docprocessing.yaml at line 35:

<comment>Template references undefined security context values that will cause Helm deployment failure</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_docprocessing.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-docprocessing
</file context>

containers:
- name: celery-worker-docprocessing
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_worker_docprocessing.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined container security context that will cause Helm deployment failure

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-docprocessing.yaml at line 39:

<comment>Template references undefined container security context that will cause Helm deployment failure</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_docprocessing.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-docprocessing
           securityContext:
-            {{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
</file context>

image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -62,10 +62,6 @@ spec:
- name: ENABLE_MULTIPASS_INDEXING
value: "{{ .Values.celery_worker_docprocessing.enableMiniChunk }}"
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_worker_docprocessing.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -88,7 +84,3 @@ spec:
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_docprocessing_liveness.txt
{{- with .Values.celery_worker_docprocessing.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
12 changes: 2 additions & 10 deletions deployment/helm/charts/onyx/templates/celery-worker-heavy.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_worker_heavy.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined values: celery_worker_heavy.podSecurityContext is not defined in values.yaml

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-heavy.yaml at line 35:

<comment>Template references undefined values: celery_worker_heavy.podSecurityContext is not defined in values.yaml</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_heavy.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-heavy
</file context>
Suggested change
{{- toYaml .Values.celery_worker_heavy.podSecurityContext | nindent 8 }}
{{- toYaml (.Values.celery_worker_heavy.podSecurityContext | default .Values.celery_shared.podSecurityContext) | nindent 8 }}

containers:
- name: celery-worker-heavy
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_worker_heavy.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined values: celery_worker_heavy.securityContext is not defined in values.yaml

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-heavy.yaml at line 39:

<comment>Template references undefined values: celery_worker_heavy.securityContext is not defined in values.yaml</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_heavy.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-heavy
           securityContext:
-            {{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
</file context>
Suggested change
{{- toYaml .Values.celery_worker_heavy.securityContext | nindent 12 }}
{{- toYaml (.Values.celery_worker_heavy.securityContext | default .Values.celery_shared.securityContext) | nindent 12 }}

image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -57,10 +57,6 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_worker_heavy.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -83,7 +79,3 @@ spec:
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_heavy_liveness.txt
{{- with .Values.celery_worker_heavy.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
14 changes: 3 additions & 11 deletions deployment/helm/charts/onyx/templates/celery-worker-light.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_worker_light.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Security context fields referenced in template are not defined in values.yaml

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-light.yaml at line 35:

<comment>Security context fields referenced in template are not defined in values.yaml</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_light.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-light
</file context>

containers:
- name: celery-worker-light
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_worker_light.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Container security context field referenced in template is not defined in values.yaml

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-light.yaml at line 39:

<comment>Container security context field referenced in template is not defined in values.yaml</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_light.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-light
           securityContext:
-            {{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
</file context>

image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -48,7 +48,7 @@ spec:
"--loglevel=INFO",
"--hostname=light@%n",
"-Q",
"vespa_metadata_sync,connector_deletion,doc_permissions_upsert,checkpoint_cleanup,index_attempt_cleanup",
"vespa_metadata_sync,connector_deletion,doc_permissions_upsert,checkpoint_cleanup",
]
resources:
{{- toYaml .Values.celery_worker_light.resources | nindent 12 }}
Expand All @@ -57,10 +57,6 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_worker_light.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -83,7 +79,3 @@ spec:
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_light_liveness.txt
{{- with .Values.celery_worker_light.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
12 changes: 2 additions & 10 deletions deployment/helm/charts/onyx/templates/celery-worker-monitoring.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_worker_monitoring.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined value .Values.celery_worker_monitoring.podSecurityContext

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-monitoring.yaml at line 35:

<comment>Template references undefined value .Values.celery_worker_monitoring.podSecurityContext</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_monitoring.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-monitoring
</file context>
Suggested change
{{- toYaml .Values.celery_worker_monitoring.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}

containers:
- name: celery-worker-monitoring
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_worker_monitoring.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined value .Values.celery_worker_monitoring.securityContext

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-monitoring.yaml at line 39:

<comment>Template references undefined value .Values.celery_worker_monitoring.securityContext</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_monitoring.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-monitoring
           securityContext:
-            {{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
</file context>
Suggested change
{{- toYaml .Values.celery_worker_monitoring.securityContext | nindent 12 }}
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}

image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -57,10 +57,6 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_worker_monitoring.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -83,7 +79,3 @@ spec:
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_monitoring_liveness.txt
{{- with .Values.celery_worker_monitoring.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
12 changes: 2 additions & 10 deletions deployment/helm/charts/onyx/templates/celery-worker-primary.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_worker_primary.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined podSecurityContext field, which will render as empty

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-primary.yaml at line 35:

<comment>Template references undefined podSecurityContext field, which will render as empty</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_primary.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-primary
</file context>
Suggested change
{{- toYaml .Values.celery_worker_primary.podSecurityContext | nindent 8 }}
{{- toYaml (.Values.celery_worker_primary.podSecurityContext | default .Values.celery_shared.podSecurityContext) | nindent 8 }}

containers:
- name: celery-worker-primary
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_worker_primary.securityContext | nindent 12 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined securityContext field, which will render as empty

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-primary.yaml at line 39:

<comment>Template references undefined securityContext field, which will render as empty</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_primary.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-primary
           securityContext:
-            {{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
</file context>
Suggested change
{{- toYaml .Values.celery_worker_primary.securityContext | nindent 12 }}
{{- toYaml (.Values.celery_worker_primary.securityContext | default .Values.celery_shared.securityContext) | nindent 12 }}

image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -57,10 +57,6 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_worker_primary.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -83,7 +79,3 @@ spec:
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_primary_liveness.txt
{{- with .Values.celery_worker_primary.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
15 changes: 5 additions & 10 deletions deployment/helm/charts/onyx/templates/celery-worker-user-files-indexing.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -32,11 +32,11 @@ spec:
{{- end }}
serviceAccountName: {{ include "onyx-stack.serviceAccountName" . }}
securityContext:
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_worker_user_files_indexing.podSecurityContext | nindent 8 }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Template references undefined security context values that don't exist in values.yaml

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/celery-worker-user-files-indexing.yaml at line 35:

<comment>Template references undefined security context values that don&#39;t exist in values.yaml</comment>

<file context>
@@ -32,11 +32,11 @@ spec:
       {{- end }}
       serviceAccountName: {{ include &quot;onyx-stack.serviceAccountName&quot; . }}
       securityContext:
-        {{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}
+        {{- toYaml .Values.celery_worker_user_files_indexing.podSecurityContext | nindent 8 }}
       containers:
         - name: celery-worker-user-files-indexing
</file context>
Suggested change
{{- toYaml .Values.celery_worker_user_files_indexing.podSecurityContext | nindent 8 }}
{{- toYaml .Values.celery_shared.podSecurityContext | nindent 8 }}

containers:
- name: celery-worker-user-files-indexing
securityContext:
{{- toYaml .Values.celery_shared.securityContext | nindent 12 }}
{{- toYaml .Values.celery_worker_user_files_indexing.securityContext | nindent 12 }}
image: "{{ .Values.celery_shared.image.repository }}:{{ .Values.celery_shared.image.tag | default .Values.global.version }}"
imagePullPolicy: {{ .Values.global.pullPolicy }}
command:
Expand All @@ -45,6 +45,9 @@ spec:
"-A",
"onyx.background.celery.versioned_apps.docfetching",
"worker",
"--pool=threads",
"--concurrency=2",
"--prefetch-multiplier=1",
"--loglevel=INFO",
"--hostname=user-files-indexing@%n",
"-Q",
Expand All @@ -57,10 +60,6 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- with .Values.celery_worker_user_files_indexing.volumeMounts }}
volumeMounts:
{{- toYaml . | nindent 12 }}
{{- end }}
startupProbe:
{{ .Values.celery_shared.startupProbe | toYaml | nindent 12}}
readinessProbe:
Expand All @@ -83,7 +82,3 @@ spec:
python onyx/background/celery/celery_k8s_probe.py
--probe liveness
--filename /tmp/onyx_k8s_userfilesindexing_liveness.txt
{{- with .Values.celery_worker_user_files_indexing.volumes }}
volumes:
{{- toYaml . | nindent 8 }}
{{- end }}
2 changes: 1 addition & 1 deletion deployment/helm/charts/onyx/templates/configmap.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@ metadata:
{{- include "onyx-stack.labels" . | nindent 4 }}
data:
INTERNAL_URL: "http://{{ include "onyx-stack.fullname" . }}-api-service:{{ .Values.api.service.port | default 8080 }}"
POSTGRES_HOST: {{ .Release.Name }}-postgresql
POSTGRES_HOST: {{ include "onyx-stack.postgresHost" . | quote }}
VESPA_HOST: {{ .Values.vespa.name }}.{{ .Values.vespa.service.name }}.{{ .Release.Namespace }}.svc.cluster.local
REDIS_HOST: {{ .Release.Name }}-redis-master
MODEL_SERVER_HOST: "{{ include "onyx-stack.fullname" . }}-inference-model-service"
Expand Down
13 changes: 3 additions & 10 deletions deployment/helm/charts/onyx/templates/indexing-model-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,9 +24,8 @@ spec:
{{- toYaml . | nindent 8 }}
{{- end }}
spec:
{{- if .Values.indexCapability.podSecurityContext }}
securityContext:
{{- toYaml .Values.indexCapability.podSecurityContext | nindent 8 }}
{{- if .Values.indexCapability.serviceAccountName }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removal of security contexts eliminates important enterprise security controls without replacement

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/indexing-model-deployment.yaml at line 27:

<comment>Removal of security contexts eliminates important enterprise security controls without replacement</comment>

<file context>
@@ -24,9 +24,8 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
-      {{- if .Values.indexCapability.podSecurityContext }}
-      securityContext:
-        {{- toYaml .Values.indexCapability.podSecurityContext | nindent 8 }}
+      {{- if .Values.indexCapability.serviceAccountName }}
+      serviceAccountName: {{ .Values.indexCapability.serviceAccountName }}
       {{- end }}
</file context>

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Inconsistent serviceAccountName pattern compared to other deployments in the chart

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/indexing-model-deployment.yaml at line 27:

<comment>Inconsistent serviceAccountName pattern compared to other deployments in the chart</comment>

<file context>
@@ -24,9 +24,8 @@ spec:
         {{- toYaml . | nindent 8 }}
         {{- end }}
     spec:
-      {{- if .Values.indexCapability.podSecurityContext }}
-      securityContext:
-        {{- toYaml .Values.indexCapability.podSecurityContext | nindent 8 }}
+      {{- if .Values.indexCapability.serviceAccountName }}
+      serviceAccountName: {{ .Values.indexCapability.serviceAccountName }}
       {{- end }}
</file context>

serviceAccountName: {{ .Values.indexCapability.serviceAccountName }}
{{- end }}
containers:
- name: {{ .Values.indexCapability.name }}
Expand All @@ -44,11 +43,5 @@ spec:
- name: INDEXING_ONLY
value: "{{ default "True" .Values.indexCapability.indexingOnly }}"
{{- include "onyx-stack.envSecrets" . | nindent 10}}
{{- if .Values.indexCapability.securityContext }}
securityContext:
{{- toYaml .Values.indexCapability.securityContext | nindent 10 }}
{{- end }}
{{- if .Values.indexCapability.resources }}
resources:
{{- toYaml .Values.indexCapability.resources | nindent 10 }}
{{- end }}
{{- toYaml .Values.indexCapability.resources | nindent 12 }}
14 changes: 3 additions & 11 deletions deployment/helm/charts/onyx/templates/inference-model-deployment.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -20,9 +20,8 @@ spec:
{{ .key }}: {{ .value }}
{{- end }}
spec:
{{- if .Values.inferenceCapability.podSecurityContext }}
securityContext:
{{- toYaml .Values.inferenceCapability.podSecurityContext | nindent 8 }}
{{- if .Values.inferenceCapability.serviceAccountName }}
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Removing security contexts may compromise enterprise security requirements. Consider keeping both pod and container security contexts configurable.

Prompt for AI agents 
Address the following comment on deployment/helm/charts/onyx/templates/inference-model-deployment.yaml at line 23:

<comment>Removing security contexts may compromise enterprise security requirements. Consider keeping both pod and container security contexts configurable.</comment>

<file context>
@@ -20,9 +20,8 @@ spec:
         {{ .key }}: {{ .value }}
         {{- end }}
     spec:
-      {{- if .Values.inferenceCapability.podSecurityContext }}
-      securityContext:
-        {{- toYaml .Values.inferenceCapability.podSecurityContext | nindent 8 }}
+      {{- if .Values.inferenceCapability.serviceAccountName }}
+      serviceAccountName: {{ .Values.inferenceCapability.serviceAccountName }}
       {{- end }}
</file context>

serviceAccountName: {{ .Values.inferenceCapability.serviceAccountName }}
{{- end }}
containers:
- name: model-server-inference
Expand All @@ -38,12 +37,5 @@ spec:
name: {{ .Values.config.envConfigMapName }}
env:
{{- include "onyx-stack.envSecrets" . | nindent 12}}
{{- if .Values.inferenceCapability.securityContext }}
securityContext:
{{- toYaml .Values.inferenceCapability.securityContext | nindent 10 }}
{{- end }}
{{- if .Values.inferenceCapability.resources }}
resources:
{{- toYaml .Values.inferenceCapability.resources | nindent 10 }}
{{- end }}

{{- toYaml .Values.inferenceCapability.resources | nindent 12 }}
Loading
Loading