From e7375a7e8e9c177c6888fd87d4d6a065a0ef1c80 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Mon, 12 May 2025 12:37:06 +0800 Subject: [PATCH 01/11] chore(charts): change resources format --- charts/helmbroker/templates/_helpers.tpl | 14 -------------- .../templates/helmbroker-celery-deployment.yaml | 5 ++++- .../templates/helmbroker-deployment.yaml | 5 ++++- charts/helmbroker/values.yaml | 16 ++++++++++++++-- 4 files changed, 22 insertions(+), 18 deletions(-) diff --git a/charts/helmbroker/templates/_helpers.tpl b/charts/helmbroker/templates/_helpers.tpl index 4702bc6..8cb0ee7 100644 --- a/charts/helmbroker/templates/_helpers.tpl +++ b/charts/helmbroker/templates/_helpers.tpl @@ -28,20 +28,6 @@ env: {{- end }} {{- end }} -{{/* Generate helmbroker deployment limits */}} -{{- define "helmbroker.limits" -}} -{{- if or (.Values.limitsCpu) (.Values.limitsMemory) }} -resources: - limits: -{{- if (.Values.limitsCpu) }} - cpu: {{.Values.limitsCpu}} -{{- end }} -{{- if (.Values.limitsMemory) }} - memory: {{.Values.limitsMemory}} -{{- end }} -{{- end }} -{{- end }} - {{/* Generate helmbroker deployment volumeMounts */}} {{- define "helmbroker.volumeMounts" }} volumeMounts: diff --git a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml index 7388b2c..d2b4ab5 100644 --- a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml @@ -49,7 +49,10 @@ spec: - -c - celery --app helmbroker worker --queues helmbroker.low,helmbroker.middle,helmbroker.high --autoscale=32,1 --loglevel=WARNING {{- end }} - {{- include "helmbroker.limits" $ | indent 8 }} + {{- with index .Values "celery" "resources" }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} {{- include "helmbroker.envs" $ | indent 8 }} {{- include "helmbroker.volumeMounts" $ | indent 8 }} {{- include "helmbroker.volumes" . | indent 6 }} 
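Review bot: Overrides that still set the old `limitsCpu`/`limitsMemory` keys are now ignored without any error, because this block reads only `celery.resources` (and the matching hunk in helmbroker-deployment.yaml reads only `api.resources`). An upgraded release can therefore lose its CPU and memory limits silently. A render-time guard would surface the rename: `{{- if or .Values.limitsCpu .Values.limitsMemory }}{{ fail "limitsCpu/limitsMemory were replaced by api.resources and celery.resources" }}{{- end }}`. The new defaults in values.yaml are `resources: {}`, so unless an operator sets them the containers run with no requests or limits.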
diff --git a/charts/helmbroker/templates/helmbroker-deployment.yaml b/charts/helmbroker/templates/helmbroker-deployment.yaml index 6ad1385..6659e7d 100644 --- a/charts/helmbroker/templates/helmbroker-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-deployment.yaml @@ -71,7 +71,10 @@ spec: ports: - containerPort: 8000 name: http - {{- include "helmbroker.limits" . | indent 8 }} + {{- with index .Values "api" "resources" }} + resources: + {{- toYaml . | nindent 10 }} + {{- end }} {{- include "helmbroker.envs" . | indent 8 }} {{- include "helmbroker.volumeMounts" . | indent 8 }} {{- include "helmbroker.volumes" . | indent 6 }} diff --git a/charts/helmbroker/values.yaml b/charts/helmbroker/values.yaml index 60915f7..3af3f08 100644 --- a/charts/helmbroker/values.yaml +++ b/charts/helmbroker/values.yaml @@ -3,8 +3,6 @@ imageTag: "canary" imageRegistry: "registry.drycc.cc" imagePullPolicy: "Always" replicas: 1 -# limitsCpu: "100m" -# limitsMemory: "50Mi" ## Enable diagnostic mode ## @@ -44,6 +42,13 @@ environment: # HELMBROKER_CONFIG_ROOT: /etc/helmbroker api: + resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi nodeAffinityPreset: key: "drycc.cc/node" type: "soft" @@ -59,6 +64,13 @@ api: app: "drycc-helmbroker" celery: + resources: {} + # limits: + # cpu: 200m + # memory: 50Mi + # requests: + # cpu: 100m + # memory: 30Mi nodeAffinityPreset: key: "drycc.cc/node" type: "soft" From 5f8fd3c19705f1734f0c0b0c9a5849dca1008f70 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 15 Jul 2025 23:17:54 +0800 Subject: [PATCH 02/11] chore(workflow): remove cluster domain --- charts/helmbroker/Chart.yaml | 1 + charts/helmbroker/templates/_helpers.tpl | 4 ++-- .../helmbroker-celery-deployment.yaml | 4 ++-- charts/helmbroker/values.yaml | 19 ++----------------- rootfs/helmbroker/wsgi.py | 3 +-- 5 files changed, 8 insertions(+), 23 deletions(-) 
diff --git a/charts/helmbroker/Chart.yaml b/charts/helmbroker/Chart.yaml index 6e22e3a..6e8d2aa 100644 --- a/charts/helmbroker/Chart.yaml +++ b/charts/helmbroker/Chart.yaml @@ -9,6 +9,7 @@ dependencies: - name: valkey repository: {{repository}} version: x.x.x + condition: valkey.enabled description: Drycc Workflow helmbroker. maintainers: - name: Drycc Team diff --git a/charts/helmbroker/templates/_helpers.tpl b/charts/helmbroker/templates/_helpers.tpl index 8cb0ee7..3e9e40f 100644 --- a/charts/helmbroker/templates/_helpers.tpl +++ b/charts/helmbroker/templates/_helpers.tpl @@ -13,14 +13,14 @@ env: secretKeyRef: name: helmbroker-creds key: valkey-url -{{- else if eq .Values.global.valkeyLocation "on-cluster" }} +{{- else if .Values.valkey.enabled }} - name: VALKEY_PASSWORD valueFrom: secretKeyRef: name: valkey-creds key: password - name: HELMBROKER_VALKEY_URL - value: "redis://:$(VALKEY_PASSWORD)@drycc-valkey.{{.Release.Namespace}}.svc.{{.Values.global.clusterDomain}}:26379/0?master_set=drycc" + value: "redis://:$(VALKEY_PASSWORD)@drycc-valkey:26379/0?master_set=drycc" {{- end }} {{- range $key, $value := .Values.environment }} - name: {{ $key }} diff --git a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml index d2b4ab5..d188ba5 100644 --- a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml @@ -33,8 +33,8 @@ spec: args: - netcat - -v - - -a - - $(DRYCC_HELMBROKER_SERVICE_HOST):$(DRYCC_HELMBROKER_SERVICE_PORT) + - -u + - http://drycc-helmbroker {{- include "helmbroker.envs" . | indent 10 }} containers: - name: drycc-helmbroker-celery diff --git a/charts/helmbroker/values.yaml b/charts/helmbroker/values.yaml index 3af3f08..31fee4e 100644 --- a/charts/helmbroker/values.yaml +++ b/charts/helmbroker/values.yaml 
@@ -95,20 +95,5 @@ persistence: storageClass: "" volumeName: "" -global: - # Set the location of Workflow's valkey instance - # Valid values are: - # - on-cluster: Run Valkey within the Kubernetes cluster - # - off-cluster: Run Valkey outside the Kubernetes cluster (configure in controller section) - valkeyLocation: "on-cluster" - # Enable usage of RBAC authorization mode - # - # Valid values are: - # - true: all RBAC-related manifests will be installed (in case your cluster supports RBAC) - # - false: no RBAC-related manifests will be installed - rbac: true - # A domain name consists of one or more parts. - # Periods (.) are used to separate these parts. - # Each part must be 1 to 63 characters in length and can contain lowercase letters, digits, and hyphens (-). - # It must start and end with a lowercase letter or digit. - clusterDomain: "cluster.local" +valkey: + enabled: true diff --git a/rootfs/helmbroker/wsgi.py b/rootfs/helmbroker/wsgi.py index 64db221..206c711 100644 --- a/rootfs/helmbroker/wsgi.py +++ b/rootfs/helmbroker/wsgi.py @@ -18,8 +18,7 @@ def readiness(): if "KUBECONFIG" in os.environ: return "OK" elif "KUBERNETES_SERVICE_PORT" in os.environ and \ - ("KUBERNETES_SERVICE_HOST" in os.environ or - "KUBERNETES_CLUSTER_DOMAIN" in os.environ): + "KUBERNETES_SERVICE_HOST" in os.environ: return "OK" return make_response("kubernetes not available", 500) From bf76ea5c889ae36c5cd065e391b240f9a167753b Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 2 Sep 2025 09:39:02 +0800 Subject: [PATCH 03/11] chore(charts): celery process isolation --- .../templates/helmbroker-celery-deployment.yaml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml index d188ba5..e3a3d67 100644 --- a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml 
@@ -37,7 +37,8 @@ spec: - http://drycc-helmbroker {{- include "helmbroker.envs" . | indent 10 }} containers: - - name: drycc-helmbroker-celery + {{- range $key := (list "low" "middle" "high") }} + - name: drycc-helmbroker-celery-{{$key}} image: {{$.Values.imageRegistry}}/{{$.Values.imageOrg}}/helmbroker:{{$.Values.imageTag}} imagePullPolicy: {{$.Values.imagePullPolicy}} {{- if $.Values.diagnosticMode.enabled }} @@ -47,12 +48,13 @@ spec: args: - /bin/bash - -c - - celery --app helmbroker worker --queues helmbroker.low,helmbroker.middle,helmbroker.high --autoscale=32,1 --loglevel=WARNING + - celery --app helmbroker worker -n {{uuidv4}}@%h --queues helmbroker.{{$key}} --autoscale=32,1 --loglevel=WARNING {{- end }} - {{- with index .Values "celery" "resources" }} + {{- with index $.Values "celery" "resources" }} resources: {{- toYaml . | nindent 10 }} {{- end }} {{- include "helmbroker.envs" $ | indent 8 }} {{- include "helmbroker.volumeMounts" $ | indent 8 }} + {{- end }} {{- include "helmbroker.volumes" . | indent 6 }} From 1bc5efb22043f6bb9d5276df778e65eda99384b6 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Tue, 2 Sep 2025 17:11:27 +0800 Subject: [PATCH 04/11] chore(charts): change replicas location --- .../helmbroker/templates/helmbroker-celery-deployment.yaml | 2 +- charts/helmbroker/templates/helmbroker-deployment.yaml | 2 +- charts/helmbroker/values.yaml | 6 +++--- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml index e3a3d67..b584e72 100644 --- a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml @@ -7,7 +7,7 @@ metadata: annotations: component.drycc.cc/version: {{ .Values.imageTag }} spec: - replicas: {{ .Values.celeryReplicas }} + replicas: {{ .Values.celery.replicas }} strategy: rollingUpdate: maxSurge: 1 
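Review bot: `{{uuidv4}}` in the worker name is evaluated every time the chart is rendered, so the pod template differs on each `helm upgrade` and the Deployment rolls even when nothing else changed. The three containers of a pod share one hostname, so only the part before `@%h` has to differ per container, and the queue key already does that: `-n {{$key}}@%h`. Note too that `celery.resources` and `--autoscale=32,1` are now applied to each of the three containers, so the pod's total requests and worker ceiling are tripled; a comment in values.yaml saying that the value is per container would help operators size it.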
diff --git a/charts/helmbroker/templates/helmbroker-deployment.yaml b/charts/helmbroker/templates/helmbroker-deployment.yaml index 6659e7d..fe9a2ed 100644 --- a/charts/helmbroker/templates/helmbroker-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-deployment.yaml @@ -7,7 +7,7 @@ metadata: annotations: component.drycc.cc/version: {{ .Values.imageTag }} spec: - replicas: {{ .Values.replicas }} + replicas: {{ .Values.api.replicas }} strategy: rollingUpdate: maxSurge: 1 diff --git a/charts/helmbroker/values.yaml b/charts/helmbroker/values.yaml index 31fee4e..65b9f54 100644 --- a/charts/helmbroker/values.yaml +++ b/charts/helmbroker/values.yaml @@ -2,7 +2,7 @@ imageOrg: "drycc-addons" imageTag: "canary" imageRegistry: "registry.drycc.cc" imagePullPolicy: "Always" -replicas: 1 + ## Enable diagnostic mode ## @@ -24,8 +24,6 @@ repositories: - name: drycc-helm-broker url: https://github.com/drycc/addons/releases/download/latest/index.yaml -celeryReplicas: 1 - # broker_credentials: # Optional Usernames and passwords that will be required to communicate with service broker username: admin @@ -42,6 +40,7 @@ environment: # HELMBROKER_CONFIG_ROOT: /etc/helmbroker api: + replicas: 1 resources: {} # limits: # cpu: 200m @@ -64,6 +63,7 @@ api: app: "drycc-helmbroker" celery: + replicas: 1 resources: {} # limits: # cpu: 200m From c806f29bc4a96e9595e7a2ce1928ae650edd8350 Mon Sep 17 00:00:00 2001 From: lijianguo Date: Tue, 2 Sep 2025 11:03:30 +0800 Subject: [PATCH 05/11] chore(helmbroker): support validate plan schema --- rootfs/helmbroker/broker.py | 10 +++++- rootfs/helmbroker/database/query.py | 4 +++ rootfs/helmbroker/utils.py | 50 +++++++++++++++++++++++++++++ 3 files changed, 63 insertions(+), 1 deletion(-) diff --git a/rootfs/helmbroker/broker.py b/rootfs/helmbroker/broker.py index c9bfa9a..19dda4b 100644 --- a/rootfs/helmbroker/broker.py +++ b/rootfs/helmbroker/broker.py 
@@ -13,7 +13,7 @@ UpdateDetails, UpdateServiceSpec, DeprovisionDetails, \ DeprovisionServiceSpec, LastOperation, OperationState -from .utils import verify_parameters, new_instance_lock +from .utils import verify_parameters, new_instance_lock, verify_parameters_by_plan from .database.fetch import fetch_chart_plan from .database.query import get_instance_path, get_chart_path, get_plan_path, \ get_addon_updateable, get_addon_bindable, get_addon_allow_params, \ @@ -64,6 +64,10 @@ def provision(self, os.makedirs(instance_path, exist_ok=True) chart_path, plan_path = get_chart_path(instance_id), get_plan_path(instance_id) fetch_chart_plan(details.service_id, chart_path, details.plan_id, plan_path) + # verify instance-schema + msg = verify_parameters_by_plan(instance_id, details.parameters) + if msg: + raise ErrBadRequest(msg) provision.delay(instance_id, details) return ProvisionedServiceSpec(state=ProvisionState.IS_ASYNC) @@ -146,6 +150,10 @@ def update(self, if details.plan_id is not None: chart_path, plan_path = get_chart_path(instance_id), get_plan_path(instance_id) fetch_chart_plan(details.service_id, chart_path, details.plan_id, plan_path) + # verify instance-schema + msg = verify_parameters_by_plan(instance_id, details.parameters) + if msg: + raise ErrBadRequest(msg) data = load_instance_meta(instance_id) data['last_operation']["state"] = OperationState.IN_PROGRESS.value data['last_operation']["description"] = ( diff --git a/rootfs/helmbroker/database/query.py b/rootfs/helmbroker/database/query.py index b7aa331..741cfc3 100644 --- a/rootfs/helmbroker/database/query.py +++ b/rootfs/helmbroker/database/query.py @@ -22,6 +22,10 @@ def get_plan_path(instance_id): return os.path.join(get_instance_path(instance_id), "plan") +def get_plan_schema_path(instance_id): + return os.path.join(get_instance_path(instance_id), "plan", "instance-schema.json") + + def get_hooks_path(instance_id): return os.path.join(get_plan_path(instance_id), "hooks") 
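Review bot: A rejected request leaves the instance directory behind, because in `provision` the new schema check runs after `os.makedirs(instance_path, exist_ok=True)` and `fetch_chart_plan(...)`. From the `os.path.exists(instance_path)` guard visible in this method, a retry with corrected parameters and the same instance_id would then be answered with `ErrInstanceAlreadyExists`. Since the schema comes from the fetched plan the check cannot simply move earlier, so clean up before raising, e.g. `shutil.rmtree(instance_path, ignore_errors=True)` ahead of `raise ErrBadRequest(msg)` (this assumes `shutil` is imported in broker.py, which the hunk does not show). The `update` hunk has the same ordering: the new plan is fetched over the instance's existing chart and plan before the parameters are validated, so a rejected update appears to leave the new plan files on disk. Both method bodies continue outside their hunks.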
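Review bot: `get_plan_schema_path` rebuilds the plan directory by hand with `os.path.join(get_instance_path(instance_id), "plan", ...)`, while the neighbouring `get_hooks_path` goes through `get_plan_path`. If the plan directory name ever changes, the schema lookup would silently point at a missing file, which `verify_parameters_by_plan` treats as "no schema". Suggest `return os.path.join(get_plan_path(instance_id), "instance-schema.json")` and a one-line docstring such as `"""Path of the optional JSON schema that validates instance parameters."""`.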
diff --git a/rootfs/helmbroker/utils.py b/rootfs/helmbroker/utils.py index b76e1b4..e749e85 100644 --- a/rootfs/helmbroker/utils.py +++ b/rootfs/helmbroker/utils.py @@ -5,6 +5,7 @@ import base64 import copy import logging +import jsonschema from urllib.parse import urlparse, parse_qs from contextlib import contextmanager from redis.client import Redis @@ -168,3 +169,52 @@ def _verify_required_parameters(allow_parameters, parameters): if error: error_parameters.add(allow_parameter["name"]) return error_parameters + + +def verify_parameters_by_plan(instance_id, parameters): + """verify parameters allowed or not""" + if not parameters: + return "" + # read schema file + from .database.query import get_plan_schema_path + schema_file = get_plan_schema_path(instance_id) + try: + with open(schema_file, 'r') as f: + schema = json.load(f) + except (FileNotFoundError, json.JSONDecodeError): + return "" + if not schema: + return "" + # get parameters + if "rawValues" in parameters: + params = yaml.safe_load(base64.b64decode(parameters["rawValues"])) + else: + params = _convert_to_nested_dict(parameters) + # validate schema + try: + jsonschema.validate(params, schema) + except jsonschema.ValidationError as e: + return f"could not validate: {e.message}" + return "" + + +def _convert_to_nested_dict(assignments): + """ + {"a.b.c": "1Gi", "a.b.d": "2Gi"} + -> + {'a': {'b': {'c': '1Gi', 'd': '2Gi'}}} + """ + def set_nested_value(d, keys, value): + if len(keys) == 1: + d[keys[0]] = value + else: + if keys[0] not in d: + d[keys[0]] = {} + set_nested_value(d[keys[0]], keys[1:], value) + result = {} + if isinstance(assignments, dict): + # dict format: {"a.b.c": "1Gi"} + for key_path, value in assignments.items(): + keys = key_path.split('.') + set_nested_value(result, keys, value) + return result From 76b27bdb65a6907120ab93274aa4b3ae0d8dee00 Mon Sep 17 00:00:00 2001 
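Review bot: `verify_parameters_by_plan` fails open and lets malformed input escape as unhandled exceptions. A schema file that exists but is not valid JSON is treated like a missing one (`except (FileNotFoundError, json.JSONDecodeError): return ""`), so a corrupted schema disables validation without any signal; only `FileNotFoundError` should mean "no schema". The `rawValues` branch decodes request-supplied data, and a bad base64 string or invalid YAML raises instead of returning a message, as does `_convert_to_nested_dict` when one key is both a scalar and a prefix (`"a"` and `"a.b"`). `jsonschema.validate` can also raise `SchemaError`, which is not caught. The decode and validation steps could be wrapped as below so that the caller turns all of these into `ErrBadRequest`.

```python
def verify_parameters_by_plan(instance_id, parameters):
    # … unchanged: empty-parameters check and schema loading …
    try:
        if "rawValues" in parameters:
            params = yaml.safe_load(base64.b64decode(parameters["rawValues"]))
        else:
            params = _convert_to_nested_dict(parameters)
    except (ValueError, TypeError, yaml.YAMLError) as e:
        # binascii.Error is a ValueError; TypeError covers conflicting dotted keys
        return f"could not parse parameters: {e}"
    try:
        jsonschema.validate(params, schema)
    except jsonschema.ValidationError as e:
        return f"could not validate: {e.message}"
    except jsonschema.SchemaError as e:
        return f"invalid instance schema: {e.message}"
    return ""
```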
From: jianxiaoguo Date: Fri, 12 Sep 2025 10:36:16 +0800 Subject: [PATCH 06/11] chore(helmbroker): verify instance_name length --- rootfs/helmbroker/broker.py | 5 +++++ rootfs/helmbroker/config.py | 1 + 2 files changed, 6 insertions(+) diff --git a/rootfs/helmbroker/broker.py b/rootfs/helmbroker/broker.py index 19dda4b..c920789 100644 --- a/rootfs/helmbroker/broker.py +++ b/rootfs/helmbroker/broker.py @@ -21,6 +21,7 @@ from .database.metadata import load_instance_meta, load_binding_meta, load_addons_meta, \ save_instance_meta from .tasks import provision, bind, deprovision, update, unbind +from .config import INSTANCE_NAME_LENS logger = logging.getLogger(__name__) @@ -44,6 +45,10 @@ def provision(self, async_allowed: bool, **kwargs) -> ProvisionedServiceSpec: logger.debug(f"*** provision instance {instance_id}") + # verify instance_name length + if len(details.context["instance_name"]) > INSTANCE_NAME_LENS: + raise ErrBadRequest( + msg=f"The length of the instance name cannot exceed {INSTANCE_NAME_LENS}.") instance_path = get_instance_path(instance_id) if os.path.exists(instance_path): raise ErrInstanceAlreadyExists() diff --git a/rootfs/helmbroker/config.py b/rootfs/helmbroker/config.py index e5becfa..c83ad94 100644 --- a/rootfs/helmbroker/config.py +++ b/rootfs/helmbroker/config.py @@ -11,6 +11,7 @@ PASSWORD = os.environ.get('HELMBROKER_PASSWORD') VALKEY_URL = os.environ.get("HELMBROKER_VALKEY_URL", 'redis://localhost:6379/0') +INSTANCE_NAME_LENS = int(os.environ.get("INSTANCE_NAME_LENS", '32')) class Config: From 449ca4c81bdac84469b5b7bc30844d46670722ca Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 13 Sep 2025 22:58:42 +0800 Subject: [PATCH 07/11] chore(helmbroker): bump new version --- rootfs/Dockerfile | 6 +++--- rootfs/Dockerfile.test | 6 +++--- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index b6dad30..bd73c78 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile 
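Review bot: The length check indexes `details.context["instance_name"]` directly, so a provision request with no context, or a context without `instance_name`, raises `TypeError`/`KeyError` before any broker error is produced. Unless the name is meant to be mandatory, read it defensively: `name = (details.context or {}).get("instance_name") or ""` followed by `if len(name) > INSTANCE_NAME_LENS:`. If it is meant to be mandatory, reject the request explicitly with `ErrBadRequest` rather than relying on the exception. In config.py, `int(os.environ.get("INSTANCE_NAME_LENS", '32'))` fails at import time on a non-numeric value, and the variable lacks the `HELMBROKER_` prefix that the neighbouring settings use. The `provision` body continues outside the hunk.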
@@ -4,9 +4,9 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/workspace \ - PYTHON_VERSION="3.12" \ - HELM_VERSION="3.17.2" \ - KUBECTL_VERSION="1.32.3" + PYTHON_VERSION="3.13" \ + HELM_VERSION="3.19.0" \ + KUBECTL_VERSION="1.34.1" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} diff --git a/rootfs/Dockerfile.test b/rootfs/Dockerfile.test index 7596355..4c6eed0 100644 --- a/rootfs/Dockerfile.test +++ b/rootfs/Dockerfile.test @@ -4,9 +4,9 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/workspace \ - PYTHON_VERSION="3.12" \ - HELM_VERSION="3.17.2" \ - KUBECTL_VERSION="1.32.3" + PYTHON_VERSION="3.13" \ + HELM_VERSION="3.19.0" \ + KUBECTL_VERSION="1.34.1" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} From ebe21a9ed7b0145ce519eed0ac10b7b69e6a623b Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Thu, 18 Sep 2025 14:31:16 +0800 Subject: [PATCH 08/11] chore(helmbroker): upgrade python requirements.txt --- rootfs/requirements.txt | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/rootfs/requirements.txt b/rootfs/requirements.txt index df9e44a..7810104 100644 --- a/rootfs/requirements.txt +++ b/rootfs/requirements.txt @@ -1,7 +1,7 @@ PyYAML==6.0.2 gunicorn==23.0.0 openbrokerapi==4.7.1 -requests==2.32.2 -celery==5.4.0 -redis==5.2.0 -jsonschema==4.23.0 +requests==2.32.5 +celery==5.5.3 +redis==6.4.0 +jsonschema==4.25.1 From 233e0584a4f2571cc212a87ed892c9d3c6d9990f Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sat, 15 Nov 2025 20:54:47 +0800 Subject: [PATCH 09/11] chore(python): bump python version to 3.14 --- rootfs/Dockerfile | 2 +- rootfs/Dockerfile.test | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index bd73c78..d2661c6 100644 
--- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -4,7 +4,7 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/workspace \ - PYTHON_VERSION="3.13" \ + PYTHON_VERSION="3.14" \ HELM_VERSION="3.19.0" \ KUBECTL_VERSION="1.34.1" diff --git a/rootfs/Dockerfile.test b/rootfs/Dockerfile.test index 4c6eed0..4aa8db9 100644 --- a/rootfs/Dockerfile.test +++ b/rootfs/Dockerfile.test @@ -4,7 +4,7 @@ FROM registry.drycc.cc/drycc/base:${CODENAME} ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/workspace \ - PYTHON_VERSION="3.13" \ + PYTHON_VERSION="3.14" \ HELM_VERSION="3.19.0" \ KUBECTL_VERSION="1.34.1" From 2d338f217f0c7051936255b35eb9cd4302ac4101 Mon Sep 17 00:00:00 2001 From: duanhongyi Date: Sun, 5 Apr 2026 22:52:17 +0800 Subject: [PATCH 10/11] chore(helm): bump helm to 4.1.3 --- rootfs/Dockerfile | 4 ++-- rootfs/Dockerfile.test | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/rootfs/Dockerfile b/rootfs/Dockerfile index d2661c6..85d3134 100644 --- a/rootfs/Dockerfile +++ b/rootfs/Dockerfile @@ -5,8 +5,8 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/workspace \ PYTHON_VERSION="3.14" \ - HELM_VERSION="3.19.0" \ - KUBECTL_VERSION="1.34.1" + HELM_VERSION="4.1.3" \ + KUBECTL_VERSION="1.35.3" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} diff --git a/rootfs/Dockerfile.test b/rootfs/Dockerfile.test index 4aa8db9..fe48d53 100644 --- a/rootfs/Dockerfile.test +++ b/rootfs/Dockerfile.test @@ -5,8 +5,8 @@ ENV DRYCC_UID=1001 \ DRYCC_GID=1001 \ DRYCC_HOME_DIR=/workspace \ PYTHON_VERSION="3.14" \ - HELM_VERSION="3.19.0" \ - KUBECTL_VERSION="1.34.1" + HELM_VERSION="4.1.3" \ + KUBECTL_VERSION="1.35.3" RUN groupadd drycc --gid ${DRYCC_GID} \ && useradd drycc -u ${DRYCC_UID} -g ${DRYCC_GID} -s /bin/bash -m -d ${DRYCC_HOME_DIR} From f53626d5a47806df18fdd78f66c8e34006377fbc Mon Sep 17 00:00:00 2001 
From: jianxiaoguo Date: Fri, 8 May 2026 11:49:40 +0800 Subject: [PATCH 11/11] chore(charts): config securityContext --- charts/helmbroker/templates/helmbroker-celery-deployment.yaml | 4 ++++ charts/helmbroker/templates/helmbroker-deployment.yaml | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml index b584e72..1b39b78 100644 --- a/charts/helmbroker/templates/helmbroker-celery-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-celery-deployment.yaml @@ -58,3 +58,7 @@ spec: {{- include "helmbroker.volumeMounts" $ | indent 8 }} {{- end }} {{- include "helmbroker.volumes" . | indent 6 }} + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001 diff --git a/charts/helmbroker/templates/helmbroker-deployment.yaml b/charts/helmbroker/templates/helmbroker-deployment.yaml index fe9a2ed..45cc4cb 100644 --- a/charts/helmbroker/templates/helmbroker-deployment.yaml +++ b/charts/helmbroker/templates/helmbroker-deployment.yaml @@ -78,3 +78,7 @@ spec: {{- include "helmbroker.envs" . | indent 8 }} {{- include "helmbroker.volumeMounts" . | indent 8 }} {{- include "helmbroker.volumes" . | indent 6 }} + securityContext: + fsGroup: 1001 + runAsGroup: 1001 + runAsUser: 1001
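Review bot: The added `securityContext` pins UID, GID and fsGroup to 1001 but does not assert non-root or restrict privileges; the same applies to the identical hunk in helmbroker-deployment.yaml. At the pod level, add `runAsNonRoot: true` and `seccompProfile:` with `type: RuntimeDefault` so the kubelet refuses to start the pod if the IDs are ever overridden to 0. The containers would additionally need their own `securityContext` with `allowPrivilegeEscalation: false` and `capabilities.drop: ["ALL"]`, which lies outside these hunks. The value 1001 duplicates `DRYCC_UID`/`DRYCC_GID` from the Dockerfile, so a short comment naming that coupling, or a `podSecurityContext` value in values.yaml rendered with `toYaml`, would keep the two from drifting apart.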