Flagsmith · rolodato · Jan 8, 2025 · Jan 7, 2025 · Jan 7, 2025 · Jan 7, 2025
@@ -24,9 +24,9 @@ jobs:
         with:
           version: v3.4.1
 
-      - uses: actions/setup-python@v2
+      - uses: actions/setup-python@v5
         with:
-          python-version: 3.7
+          python-version: 3.11
 
       - name: Set up chart-testing
         uses: helm/[email protected]

@@ -2,7 +2,7 @@ apiVersion: v2
 name: flagsmith
 description: Flagsmith
 type: application
-version: 0.62.0
+version: 0.63.0
 appVersion: 2.157.1
 dependencies:
   - name: postgresql

@@ -104,3 +104,12 @@
 - name: LOG_FORMAT
   value: {{ .Values.api.logging.format }}
 {{- end }}
+{{- if .Values.sse.enabled }}
+- name: SSE_AUTHENTICATION_TOKEN
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "flagsmith.fullname" . }}-sse
+      key: SSE_AUTHENTICATION_TOKEN
+- name: SSE_SERVER_BASE_URL
+  value: http://{{ include "flagsmith.fullname" . }}-sse.{{ .Release.Namespace }}:{{ .Values.service.sse.port }}
+{{- end }}
@@ -345,3 +345,11 @@ Replicas
 replicas: {{ . }}
 {{- end }}
 {{- end }}
+
+
+{{/*
+Real-time flag updates (SSE)
+*/}}
+{{- define "flagsmith.sse.authenticationToken" -}}
+{{- randAlphaNum 50 -}}
+{{- end }}
@@ -0,0 +1,16 @@
+{{- range $envName, $envValue := .Values.sse.extraEnv }}
+- name: {{ $envName }}
+  value: {{ $envValue | quote }}
+{{- end }}
+{{- range $envName, $secretKeyRef := .Values.sse.extraEnvFromSecret }}
+- name: {{ $envName }}
+  valueFrom:
+    secretKeyRef:
+      name: {{ $secretKeyRef.secretName }}
+      key: {{ $secretKeyRef.secretKey }}
+{{- end }}
+- name: SSE_AUTHENTICATION_TOKEN
+  valueFrom:
+    secretKeyRef:
+      name: {{ include "flagsmith.fullname" . }}-sse
+      key: SSE_AUTHENTICATION_TOKEN
@@ -18,4 +18,4 @@
 {{- range $envName, $envValue := .Values.taskProcessor.extraEnv }}
 - name: {{ $envName }}
   value: {{ $envValue | quote }}
-{{- end }}
+{{- end }}
@@ -0,0 +1,112 @@
+{{- if .Values.sse.enabled }}
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: {{ template "flagsmith.fullname" . }}-sse
+  {{- $annotations := include "flagsmith.annotations" .Values.common }}
+  {{- with $annotations }}
+  annotations:
+    {{- . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "flagsmith.labels" . | nindent 4 }}
+    app.kubernetes.io/component: sse
+spec:
+  selector:
+    matchLabels:
+      {{- include "flagsmith.selectorLabels" . | nindent 6 }}
+      app.kubernetes.io/component: sse
+  {{- with .Values.sse.deploymentStrategy }}
+  strategy: {{- . | toYaml | nindent 4 }}
+  {{- end }}
+  {{- include "flagsmith.replicaCount" .Values.sse.replicaCount | nindent 2 }}
+  template:
+    metadata:
+      annotations:
+        checksum/secrets-sse: {{ include (print $.Template.BasePath "/secrets-sse.yaml") . | sha256sum }}
+{{- if .Values.sse.podAnnotations }}
+{{ toYaml .Values.sse.podAnnotations | nindent 8 }}
+{{- end }}
+      labels:
+        {{- if .Values.common.labels }}
+        {{- .Values.common.labels  | toYaml | nindent 8 }}
+        {{- end }}
+        {{- include "flagsmith.selectorLabels" . | nindent 8 }}
+        app.kubernetes.io/component: sse
+        {{- if .Values.sse.podLabels }}
+{{ toYaml .Values.sse.podLabels | indent 8 }}
+        {{- end }}
+    spec:
+      {{- if .Values.sse.shareProcessNamespace }}
+      shareProcessNamespace: true
+      {{- end }}
+      {{- if .Values.sse.affinity }}
+      affinity:
+{{ toYaml .Values.sse.affinity | indent 8 }}
+      {{- end }}
+      {{- if .Values.sse.nodeSelector }}
+      nodeSelector:
+{{ toYaml .Values.sse.nodeSelector | indent 8 }}
+      {{- end }}
+      {{- if .Values.sse.tolerations }}
+      tolerations:
+{{ toYaml .Values.sse.tolerations | indent 8 }}
+      {{- end }}
+      {{- if .Values.sse.image.imagePullSecrets }}
+      imagePullSecrets:
+{{ toYaml .Values.sse.image.imagePullSecrets | indent 8 }}
+      {{- end }}
+      securityContext:
+        {{- $securityContext := .Values.sse.podSecurityContext | default (dict) | deepCopy }}
+        {{- if .Values.sse.defaultPodSecurityContext.enabled }}
+        {{- $securityContext = $securityContext | merge (omit .Values.sse.defaultPodSecurityContext "enabled") }}
+        {{- end }}
+        {{- toYaml $securityContext | nindent 8 }}
+      {{- if .Values.sse.serviceAccountName }}
+      serviceAccountName: {{ .Values.sse.serviceAccountName }}
+      {{- end }}
+      initContainers:
+{{- with .Values.sse.extraInitContainers }}
+{{- toYaml . | nindent 6 }}
+{{- end }}
+      containers:
+      - name: {{ .Chart.Name }}-sse
+        image: {{ .Values.sse.image.repository }}:{{ .Values.sse.image.tag | default "3.4.0" }}
+        imagePullPolicy: {{ .Values.sse.image.imagePullPolicy }}
+        args: ["serve"]
+        ports:
+        - containerPort: {{ .Values.service.sse.port }}
+        env: {{ include (print $.Template.BasePath "/_sse_environment.yaml") . | nindent 8 }}
+        livenessProbe:
+          failureThreshold: {{ .Values.sse.livenessProbe.failureThreshold }}
+          httpGet:
+            path: {{ .Values.sse.livenessProbe.path }}
+            port: 8000
+            scheme: HTTP
+          initialDelaySeconds: {{ .Values.sse.livenessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.sse.livenessProbe.periodSeconds }}
+          successThreshold: {{ .Values.sse.livenessProbe.successThreshold }}
+          timeoutSeconds: {{ .Values.sse.livenessProbe.timeoutSeconds }}
+        readinessProbe:
+          failureThreshold: {{ .Values.sse.readinessProbe.failureThreshold }}
+          httpGet:
+            path: {{ .Values.sse.readinessProbe.path }}
+            port: {{ .Values.service.sse.port }}
+            scheme: HTTP
+          initialDelaySeconds: {{ .Values.sse.readinessProbe.initialDelaySeconds }}
+          periodSeconds: {{ .Values.sse.readinessProbe.periodSeconds }}
+          successThreshold: {{ .Values.sse.readinessProbe.successThreshold }}
+          timeoutSeconds: {{ .Values.sse.readinessProbe.timeoutSeconds }}
+        resources:
+{{ toYaml .Values.sse.resources | indent 10 }}
+{{- with .Values.sse.extraContainers }}
+{{- toYaml . | nindent 6 }}
+{{- end }}
+      volumes:
+{{- with .Values.sse.extraVolumes }}
+{{- toYaml . | nindent 6 }}
+{{- end }}
+{{- with .Values.sse.extraSpec }}
+{{- toYaml . | nindent 2 }}
+{{- end }}
+{{- end }}
@@ -0,0 +1,15 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: {{ include "flagsmith.fullname" . }}-sse
+  {{- $annotations := include "flagsmith.annotations" .Values.common }}
+  {{- with $annotations }}
+  annotations:
+    {{- . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "flagsmith.labels" . | nindent 4 }}
+    app.kubernetes.io/component: sse
+type: Opaque
+stringData:
+  SSE_AUTHENTICATION_TOKEN: {{ include "flagsmith.sse.authenticationToken" . | quote }}
@@ -0,0 +1,21 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: {{ include "flagsmith.fullname" . }}-sse
+  {{- $annotations := include "flagsmith.annotations" ( dict "customAnnotations" .Values.service.sse.annotations "commonValues" .Values.common ) }}
+  {{- with $annotations }}
+  annotations:
+    {{- . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "flagsmith.labels" . | nindent 4 }}
+    app.kubernetes.io/component: sse
+spec:
+  type: {{ .Values.service.sse.type }}
+  ports:
+    - port: {{ .Values.service.sse.port }}
+      targetPort: {{ .Values.service.sse.port }}
+      protocol: TCP
+      name: http
+  selector: {{- include "flagsmith.selectorLabels" . | nindent 4 }}
+    app.kubernetes.io/component: sse
@@ -303,6 +303,62 @@ graphite:
   nameOverride: flagsmith-graphite
   autoSetStatsdHostEnvVar: true
 
+sse:
+  enabled: false
+  image:
+    repository: flagsmith/sse
+    tag: 3.4.0
+    imagePullPolicy: IfNotPresent
+    imagePullSecrets: []
+  # See all supported environment variables here:
+  # https://docs.flagsmith.com/deployment/hosting/real-time/deployment#sse-service
+  # extraEnv:
+  #   REDIS_HOST: redis.example.com
+  #   REDIS_PORT: 6379
+  # extraEnvFromSecret:
+  #   REDIS_PASSWORD:
+  #    secretName: my_redis_secrets
+  #    secretKey: my_redis_password
+  replicaCount: 1
+  deploymentStrategy: null
+  podAnnotations: {}
+  resources: {}
+  # limits:
+  #   cpu: 500m
+  #   memory: 500Mi
+  # requests:
+  #   cpu: 300m
+  #   memory: 300Mi
+  podLabels: {}
+  nodeSelector: {}
+  tolerations: []
+  affinity: {}
+  podSecurityContext: {}
+  defaultPodSecurityContext:
+    enabled: true
+    # runAsNonRoot: true  # TODO: enable this, conditional on tag semver
+    # runAsUser: 1000
+    # runAsGroup: 1000
+  livenessProbe:
+    path: /health
+    failureThreshold: 5
+    initialDelaySeconds: 5
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 2
+  readinessProbe:
+    path: /health
+    failureThreshold: 10
+    initialDelaySeconds: 1
+    periodSeconds: 10
+    successThreshold: 1
+    timeoutSeconds: 2
+  shareProcessNamespace: false
+  serviceAccountName: null
+  extraInitContainers: []
+  extraContainers: []
+  extraVolumes: []
+
 service:
   api:
     type: ClusterIP
@@ -312,6 +368,10 @@ service:
     type: ClusterIP
     port: 8080
     annotations: {}
+  sse:
+    type: ClusterIP
+    port: 8000
+    annotations: {}
 
 ingress:
   frontend:
@@ -339,6 +399,19 @@ ingress:
     #  - secretName: chart-example-tls
     #    hosts:
     #      - chart-example.local
+  sse:
+    enabled: false
+    annotations: {}
+    ingressClassName: null
+    # kubernetes.io/ingress.class: nginx
+    # kubernetes.io/tls-acme: "true"
+    hosts:
+      - host: chart-example.local
+        paths: []
+    tls: []
+    #  - secretName: chart-example-tls
+    #    hosts:
+    #      - chart-example.local
 
 jobs:
   migrateDb: