diff --git a/charts/sentry/templates/sentry/worker/deployment-sentry-worker-events.yaml b/charts/sentry/templates/sentry/worker/deployment-sentry-worker-events.yaml index 44f81181a..cda26d64a 100644 --- a/charts/sentry/templates/sentry/worker/deployment-sentry-worker-events.yaml +++ b/charts/sentry/templates/sentry/worker/deployment-sentry-worker-events.yaml @@ -76,10 +76,18 @@ spec: - name: {{ .Chart.Name }}-worker image: "{{ template "sentry.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} - command: ["sentry"] + command: ["/bin/bash", "-c"] args: - - "run" - - "worker" + - | + {{- if .Values.sentry.worker.installAdditionalPackages }} + pip install {{ range .Values.sentry.worker.installAdditionalPackages }}{{ . }} {{ end }} + {{- end }} + mkdir -p /usr/local/share/ca-certificates/ + for c in $(ls -1 /usr/local/share/ca-certificates/); do + cat /usr/local/share/ca-certificates/$c >> $(python3 -m certifi) && echo >> $(python3 -m certifi) + done + update-ca-certificates + sentry run worker - "-Q" - {{ .Values.sentry.workerEvents.queues }} {{- if .Values.sentry.workerEvents.concurrency }} @@ -122,6 +130,11 @@ spec: {{- if .Values.sentry.workerEvents.volumeMounts }} {{ toYaml .Values.sentry.workerEvents.volumeMounts | indent 8 }} {{- end }} + {{- if .Values.sentry.worker.caCertificatesSecret }} + - name: ca-certificates + mountPath: /usr/local/share/ca-certificates + readOnly: true + {{- end }} {{- if .Values.sentry.workerEvents.livenessProbe.enabled }} livenessProbe: periodSeconds: {{ .Values.sentry.workerEvents.livenessProbe.periodSeconds }} @@ -179,4 +192,10 @@ spec: {{- if .Values.sentry.workerEvents.volumes }} {{ toYaml .Values.sentry.workerEvents.volumes | indent 6 }} {{- end }} +{{- if .Values.sentry.worker.caCertificatesSecret }} + - name: ca-certificates + secret: + secretName: {{ .Values.sentry.worker.caCertificatesSecret }} + defaultMode: 0644 +{{- end }} {{- end }} diff --git a/charts/sentry/templates/sentry/worker/deployment-sentry-worker-transactions.yaml b/charts/sentry/templates/sentry/worker/deployment-sentry-worker-transactions.yaml index 1b8e30179..2db342d25 100644 --- a/charts/sentry/templates/sentry/worker/deployment-sentry-worker-transactions.yaml +++ b/charts/sentry/templates/sentry/worker/deployment-sentry-worker-transactions.yaml @@ -76,10 +76,18 @@ spec: - name: {{ .Chart.Name }}-worker image: "{{ template "sentry.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} - command: ["sentry"] + command: ["/bin/bash", "-c"] args: - - "run" - - "worker" + - | + {{- if .Values.sentry.worker.installAdditionalPackages }} + pip install {{ range .Values.sentry.worker.installAdditionalPackages }}{{ . }} {{ end }} + {{- end }} + mkdir -p /usr/local/share/ca-certificates/ + for c in $(ls -1 /usr/local/share/ca-certificates/); do + cat /usr/local/share/ca-certificates/$c >> $(python3 -m certifi) && echo >> $(python3 -m certifi) + done + update-ca-certificates + sentry run worker - "-Q" - {{ .Values.sentry.workerTransactions.queues }} {{- if .Values.sentry.workerTransactions.concurrency }} @@ -122,6 +130,11 @@ spec: {{- if .Values.sentry.workerTransactions.volumeMounts }} {{ toYaml .Values.sentry.workerTransactions.volumeMounts | indent 8 }} {{- end }} + {{- if .Values.sentry.worker.caCertificatesSecret }} + - name: ca-certificates + mountPath: /usr/local/share/ca-certificates + readOnly: true + {{- end }} {{- if .Values.sentry.workerTransactions.livenessProbe.enabled }} livenessProbe: periodSeconds: {{ .Values.sentry.workerTransactions.livenessProbe.periodSeconds }} @@ -179,4 +192,10 @@ spec: {{- if .Values.sentry.workerTransactions.volumes }} {{ toYaml .Values.sentry.workerTransactions.volumes | indent 6 }} {{- end }} +{{- if .Values.sentry.worker.caCertificatesSecret }} + - name: ca-certificates + secret: + secretName: {{ .Values.sentry.worker.caCertificatesSecret }} + defaultMode: 0644 +{{- end }} {{- end }} diff --git a/charts/sentry/templates/sentry/worker/deployment-sentry-worker.yaml b/charts/sentry/templates/sentry/worker/deployment-sentry-worker.yaml index fda9446e5..94ec538d8 100644 --- a/charts/sentry/templates/sentry/worker/deployment-sentry-worker.yaml +++ b/charts/sentry/templates/sentry/worker/deployment-sentry-worker.yaml @@ -76,10 +76,18 @@ spec: - name: {{ .Chart.Name }}-worker image: "{{ template "sentry.image" . }}" imagePullPolicy: {{ default "IfNotPresent" .Values.images.sentry.pullPolicy }} - command: ["sentry"] + command: ["/bin/bash", "-c"] args: - - "run" - - "worker" + - | + {{- if .Values.sentry.worker.installAdditionalPackages }} + pip install {{ range .Values.sentry.worker.installAdditionalPackages }}{{ . }} {{ end }} + {{- end }} + mkdir -p /usr/local/share/ca-certificates/ + for c in $(ls -1 /usr/local/share/ca-certificates/); do + cat /usr/local/share/ca-certificates/$c >> $(python3 -m certifi) && echo >> $(python3 -m certifi) + done + update-ca-certificates + sentry run worker {{- if .Values.sentry.worker.excludeQueues }} - "--exclude-queues" - "{{ .Values.sentry.worker.excludeQueues }}" @@ -129,6 +137,11 @@ spec: {{- if .Values.sentry.worker.volumeMounts }} {{ toYaml .Values.sentry.worker.volumeMounts | indent 8 }} {{- end }} + {{- if .Values.sentry.worker.caCertificatesSecret }} + - name: ca-certificates + mountPath: /usr/local/share/ca-certificates + readOnly: true + {{- end }} {{- if .Values.sentry.worker.livenessProbe.enabled }} livenessProbe: periodSeconds: {{ .Values.sentry.worker.livenessProbe.periodSeconds }} @@ -192,4 +205,10 @@ spec: {{- if .Values.global.volumes }} {{ toYaml .Values.global.volumes | indent 6 }} {{- end }} +{{- if .Values.sentry.worker.caCertificatesSecret }} + - name: ca-certificates + secret: + secretName: {{ .Values.sentry.worker.caCertificatesSecret }} + defaultMode: 0644 +{{- end }} {{- end }} diff --git a/charts/sentry/values.yaml b/charts/sentry/values.yaml index c4db60248..2ddb31c38 100644 --- a/charts/sentry/values.yaml +++ b/charts/sentry/values.yaml @@ -250,6 +250,12 @@ sentry: worker: enabled: true + # installAdditionalPackages: + # - django-multidb-router + # - sentry-nodestore-elastic + # - https://github.com/pavels/sentry-s3-nodestore/releases/download/v1.0.3/sentry-s3-nodestore-1.0.3.tar.gz + # kubectl create secret generic ca-certificates --from-file=you-certificates.crt=you-certificates.crt + # caCertificatesSecret: ca-certificates # annotations: {} replicas: 1 # concurrency: 4 @@ -291,6 +297,12 @@ sentry: workerEvents: ## If the number of exceptions increases, it is recommended to enable workerEvents enabled: false + # installAdditionalPackages: + # - django-multidb-router + # - sentry-nodestore-elastic + # - https://github.com/pavels/sentry-s3-nodestore/releases/download/v1.0.3/sentry-s3-nodestore-1.0.3.tar.gz + # kubectl create secret generic ca-certificates --from-file=you-certificates.crt=you-certificates.crt + # caCertificatesSecret: ca-certificates # annotations: {} queues: "events.save_event,post_process_errors" ## When increasing the number of exceptions and enabling workerEvents, it is recommended to increase the number of their replicas @@ -328,6 +340,12 @@ sentry: # allows to dedicate some workers to specific queues workerTransactions: enabled: false + # installAdditionalPackages: + # - django-multidb-router + # - sentry-nodestore-elastic + # - https://github.com/pavels/sentry-s3-nodestore/releases/download/v1.0.3/sentry-s3-nodestore-1.0.3.tar.gz + # kubectl create secret generic ca-certificates --from-file=you-certificates.crt=you-certificates.crt + # caCertificatesSecret: ca-certificates # annotations: {} queues: "events.save_event_transaction,post_process_transactions" replicas: 1