diff --git a/.github/workflows/kube-linter.yml b/.github/workflows/kube-linter.yml
new file mode 100644
index 0000000..0fd3bcf
--- /dev/null
+++ b/.github/workflows/kube-linter.yml
@@ -0,0 +1,24 @@
+name: Kube-Linter
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+
+permissions:
+ contents: read
+
+jobs:
+ linting:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Scan repo with kube-linter
+ uses: stackrox/kube-linter-action@v1.0.4
+ with:
+ directory: helm-chart
diff --git a/helm-chart/Chart.yaml b/helm-chart/Chart.yaml
index 16c32d4..5bab78e 100644
--- a/helm-chart/Chart.yaml
+++ b/helm-chart/Chart.yaml
@@ -3,4 +3,4 @@ name: hivebox
 description: A Helm chart for HiveBox application
 type: application
 version: 0.1.0
-appVersion: "0.7.0"
+appVersion: "0.7.1"
diff --git a/helm-chart/templates/cronjob.yaml b/helm-chart/templates/cronjob.yaml
index b54f5e5..769e044 100644
--- a/helm-chart/templates/cronjob.yaml
+++ b/helm-chart/templates/cronjob.yaml
@@ -30,6 +30,10 @@ spec:
 sleep 5
 fi
 done
+ securityContext:
+ {{- include "common.containerSecurityContext" . | nindent 16 }}
+ resources:
+ {{- include "common.resources" (dict "Values" .Values "name" "cronjob") | nindent 16 }}
 containers:
 - name: temperature-storage
 image: {{ .Values.images.cronjob }}
diff --git a/helm-chart/templates/deployment.yaml b/helm-chart/templates/deployment.yaml
index 1da0d76..de4c439 100644
--- a/helm-chart/templates/deployment.yaml
+++ b/helm-chart/templates/deployment.yaml
@@ -14,6 +14,20 @@ spec:
 labels:
 app: hivebox
 spec:
+ {{- if gt (int .Values.replicas.hivebox) 1 }}
+ affinity:
+ podAntiAffinity:
+ preferredDuringSchedulingIgnoredDuringExecution:
+ - weight: 100
+ podAffinityTerm:
+ labelSelector:
+ matchExpressions:
+ - key: app
+ operator: In
+ values:
+ - hivebox
+ topologyKey: kubernetes.io/hostname
+ {{- end }}
 securityContext:
 {{- include "common.podSecurityContext" . | nindent 8 }}
 containers:
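Review bot: Both `uses:` references in the new workflow are pinned to mutable tags (`actions/checkout@v4`, `stackrox/kube-linter-action@v1.0.4`), so a retagged release would run in CI without any change to this repository. Pinning each to a full commit SHA with the tag kept as a comment closes that gap, e.g. `uses: stackrox/kube-linter-action@<full-commit-sha>  # v1.0.4`. The top-level `permissions: contents: read` already limits the token; adding `persist-credentials: false` under a `with:` on the checkout step would also keep it out of the workspace git config, since no later step pushes. The scan covers only `directory: helm-chart`, so the `kustomize/` manifests changed elsewhere in this commit are not linted by this job.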
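Review bot: In the `cronjob.yaml` hunk the new `resources:` key takes its whole value from `include "common.resources" (dict "Values" .Values "name" "cronjob")`, a helper defined outside this diff; if that helper renders an empty string for a missing values entry, the container is deployed with `resources:` null and no limits. Failing the render is safer: `{{- include "common.resources" (dict "Values" .Values "name" "cronjob") | required "resources for cronjob are not set" | nindent 16 }}`. The two added keys sit above `containers:`, so they appear to apply only to the preceding container entry; whether `temperature-storage` carries the same `common.containerSecurityContext` include is not visible in this hunk.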
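Review bot: The anti-affinity rule added in `templates/deployment.yaml` is `preferredDuringSchedulingIgnoredDuringExecution`, which is only a scheduling preference, so all replicas can still be placed on one node when the others are full or unschedulable. If surviving a node loss is a requirement, that needs the required form or a `topologySpreadConstraints` entry; if best-effort spreading is intended, a template comment above the block would record it, e.g. `{{- /* soft anti-affinity: spread replicas across nodes when possible */}}`. The selector matches only `app: hivebox`, so pods from a second release of the chart in the same namespace would be counted as well; a release-specific label would narrow it, though the pod labels visible here carry only `app`. The pod `spec:` block continues outside the hunk.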
diff --git a/kustomize/base/deployment.yaml b/kustomize/base/deployment.yaml
index 604e4a0..ad17429 100644
--- a/kustomize/base/deployment.yaml
+++ b/kustomize/base/deployment.yaml
@@ -21,7 +21,7 @@ spec:
 runAsGroup: 1000
 containers:
 - name: hivebox
- image: ghcr.io/gabrielpalmar/hivebox:latest@sha256:c731999c3fd9b757e2fd816e3c9dcf645dba56647d8a921cb567ece3cf378dc3
+ image: ghcr.io/gabrielpalmar/hivebox:0.7.1@sha256:c731999c6fac6f2f17f746aea7fafe073cf608c49729eb1e189ecf3551c62646
 ports:
 - containerPort: 5000
 env:
diff --git a/kustomize/overlays/prod/deployment-patch.yaml b/kustomize/overlays/prod/deployment-patch.yaml
index b58fab5..4208c17 100644
--- a/kustomize/overlays/prod/deployment-patch.yaml
+++ b/kustomize/overlays/prod/deployment-patch.yaml
@@ -8,4 +8,4 @@ spec:
 spec:
 containers:
 - name: hivebox
- image: ghcr.io/gabrielpalmar/hivebox:0.7.0
+ image: ghcr.io/gabrielpalmar/hivebox:0.7.1@sha256:c731999c6fac6f2f17f746aea7fafe073cf608c49729eb1e189ecf3551c62646
diff --git a/kustomize/overlays/staging/deployment-patch.yaml b/kustomize/overlays/staging/deployment-patch.yaml
index dfc82b5..effb6af 100644
--- a/kustomize/overlays/staging/deployment-patch.yaml
+++ b/kustomize/overlays/staging/deployment-patch.yaml
@@ -8,4 +8,4 @@ spec:
 spec:
 containers:
 - name: hivebox
- image: ghcr.io/gabrielpalmar/hivebox:0.7.0@sha256:c731999c3fd9b757e2fd816e3c9dcf645dba56647d8a921cb567ece3cf378dc3
+ image: ghcr.io/gabrielpalmar/hivebox:0.7.1@sha256:c731999c6fac6f2f17f746aea7fafe073cf608c49729eb1e189ecf3551c62646
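Review bot: The new digest on the `image:` line of `kustomize/base/deployment.yaml` begins with the same eight hex characters (`c731999c`) as the digest it replaces, which is very unlikely for two different image builds, so it should be confirmed against the registry before merge. With both a tag and a digest in the reference, the digest decides what is pulled and `0.7.1` is only a label; a wrong digest either fails the pull or runs something other than the 0.7.1 build. Resolving the tag, for example with `docker buildx imagetools inspect ghcr.io/gabrielpalmar/hivebox:0.7.1`, and comparing the result is enough. The identical reference is repeated in the prod and staging overlay patches; setting it once through an `images:` entry (`name`, `newTag`, `digest`) in a kustomization file would keep the three from drifting apart.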