Skip to content
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 5 additions & 5 deletions helm/codeapi/templates/package-init-job.yaml
Original file line number Diff line number Diff line change
@@ -1,7 +1,7 @@
{{/*
Package Init Job
Runs as a Helm pre-install/pre-upgrade hook to populate the packages PVC
with Python, Node, Bun, and Bash runtimes for the NsJail sandbox.
Runs before deployments in Argo CD syncs to populate the packages PVC with
Python, Node, Bun, and Bash runtimes for the NsJail sandbox.
*/}}
{{- if and .Values.workerSandbox.enabled .Values.workerSandbox.packages.initJob.enabled }}
{{- $packageInitNodeSelector := .Values.workerSandbox.sandboxRunner.nodeSelector }}
Expand All @@ -21,9 +21,9 @@ metadata:
{{- include "codeapi.labels" . | nindent 4 }}
app.kubernetes.io/component: package-init
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-5"
"helm.sh/hook-delete-policy": before-hook-creation
"argocd.argoproj.io/hook": Sync
"argocd.argoproj.io/sync-wave": "-5"
"argocd.argoproj.io/hook-delete-policy": BeforeHookCreation,HookSucceeded
spec:
backoffLimit: {{ .Values.workerSandbox.packages.initJob.backoffLimit }}
{{- if .Values.workerSandbox.packages.initJob.ttlSecondsAfterFinished }}
Expand Down
12 changes: 5 additions & 7 deletions helm/codeapi/templates/pvc.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,8 @@ NOTE on access modes:
Requires storage class that supports RWX (NFS, EFS, Azure Files, GlusterFS, etc.)

If using the initJob to populate packages:
- The PVC is created as a Helm hook (pre-install) so it exists before the init job runs
- The PVC is created as a normal retained resource so Argo CD never deletes it
as a hook during upgrades
- The init job writes packages to the PVC
- Worker pods then mount the PVC (read-only at container level)
*/}}
Expand All @@ -22,14 +23,11 @@ metadata:
name: {{ include "codeapi.fullname" . }}-packages
labels:
{{- include "codeapi.labels" . | nindent 4 }}
{{- if .Values.workerSandbox.packages.initJob.enabled }}
annotations:
# Create PVC before the init job runs (lower weight = runs first)
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "-10"
# Keep the PVC across upgrades (don't delete)
# Create PVC before the init job runs in Argo CD syncs.
"argocd.argoproj.io/sync-wave": "-10"
# Keep the PVC across app deletion/prune events.
"helm.sh/resource-policy": keep
{{- end }}
spec:
accessModes:
- {{ .Values.workerSandbox.packages.persistence.accessMode | default "ReadWriteOnce" }}
Expand Down
3 changes: 1 addition & 2 deletions helm/codeapi/values.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -293,8 +293,7 @@ workerSandbox:
# If you have pre-built packages, specify the existing claim
existingClaim: ""

# Init job to populate packages on first install
# Runs as a Helm pre-install/pre-upgrade hook
# Init job to populate packages before sandbox deployments in Argo CD syncs
# Compiles Python from source and downloads Node/Bun binaries
initJob:
enabled: true
Expand Down