fix(examples): replace Bitnami charts with official Docker images #595
base: main
Replace unreliable Bitnami Helm charts with official Docker images and native Kubernetes manifests for PostgreSQL, Redis, and RabbitMQ. This change significantly improves reliability and simplifies the setup process.
Key improvements:
- Created dedicated Kubernetes manifests for each dependency:
  * PostgreSQL using postgres:16-alpine
  * Redis using redis:7-alpine
  * RabbitMQ using rabbitmq:3.13-management-alpine
- Enhanced setup-dependencies.sh script with:
  * Robust error detection and diagnostic capabilities
  * Health checks for pods with proper error state detection
  * Improved timeout handling with periodic error checking
  * Clear error messages with troubleshooting instructions
  * Support for detecting ImagePullBackOff, CrashLoopBackOff, etc.
- Fixed documentation paths:
  * Updated quickstart to reference examples/kubernetes directory
  * Renamed values.yaml to outpost.yaml for clarity
- Made setup script executable (chmod +x)
Breaking changes:
- Bitnami Helm charts are no longer used for dependencies
- Users must run setup-dependencies.sh to deploy PostgreSQL, Redis, and RabbitMQ using the new Kubernetes manifests
- Configuration paths have changed in documentation
This change resolves timeout issues and provides more reliable dependency deployment for local Kubernetes development.
Pull request overview
This PR replaces Bitnami Helm charts with official Docker images and native Kubernetes manifests for PostgreSQL, Redis, and RabbitMQ to improve reliability and simplify the setup process for local Kubernetes development with Outpost.
Key Changes:
- Replaced Bitnami Helm chart dependencies with StatefulSet-based deployments using official Alpine Docker images
- Enhanced setup-dependencies.sh with robust error detection, health checks, and diagnostic capabilities
- Updated documentation to reference the correct paths (examples/kubernetes instead of deployments/kubernetes, and outpost.yaml instead of values.yaml)
Reviewed changes
Copilot reviewed 5 out of 6 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| examples/kubernetes/setup-dependencies.sh | Complete rewrite replacing Helm-based installation with kubectl-based manifests, adding comprehensive error handling and health checking functions |
| examples/kubernetes/postgresql.yaml | New Kubernetes manifest for PostgreSQL StatefulSet using postgres:16-alpine image |
| examples/kubernetes/redis.yaml | New Kubernetes manifest for Redis StatefulSet using redis:7-alpine image |
| examples/kubernetes/rabbitmq.yaml | New Kubernetes manifest for RabbitMQ StatefulSet using rabbitmq:3.13-management-alpine image |
| examples/kubernetes/outpost.yaml | New Helm values file for Outpost configuration (renamed from values.yaml) |
| docs/pages/quickstarts/kubernetes.mdx | Updated documentation paths to reference examples/kubernetes directory and outpost.yaml configuration file |
| echo "🐘 Installing PostgreSQL (using official postgres:16-alpine image)..." | ||
|
|
||
| # Generate a random password | ||
| POSTGRES_PASSWORD=$(openssl rand -hex 16) |
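Review bot: The `POSTGRES_PASSWORD=$(openssl rand -hex 16)` assignment is never checked for failure or empty output, so a missing or failing openssl leaves an empty password unless the script runs under `set -e`, which is not visible in these lines. Add a guard such as `[ -n "$POSTGRES_PASSWORD" ] || exit 1` directly after the assignment. On the encoding itself: 16 random bytes carry 128 bits whatever the output format, and hex output contains no `+`, `/` or `=`, so the value can be embedded in a connection URL without escaping.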
Copilot
AI
Dec 12, 2025
The script uses openssl rand -hex 16 to generate passwords for PostgreSQL, Redis, and RabbitMQ. While this is generally secure, the -hex output produces 32 characters of hexadecimal (only using characters 0-9, a-f), which is less entropy than a random base64 string of similar length. For security-sensitive passwords, consider using openssl rand -base64 24 instead, which would provide better entropy.
| POSTGRES_PASSWORD=$(openssl rand -hex 16) | |
| POSTGRES_PASSWORD=$(openssl rand -base64 24) |
| echo "" | ||
| echo "❌ RabbitMQ pod failed to become ready!" | ||
| echo "" | ||
| echo "Pod status:" | ||
| kubectl get pod outpost-rabbitmq-0 | ||
| echo "" | ||
| echo "Recent events:" | ||
| kubectl describe pod outpost-rabbitmq-0 | grep -A 10 "Events:" || true | ||
| echo "" | ||
| echo "Container logs (last 20 lines):" | ||
| kubectl logs outpost-rabbitmq-0 --tail=20 2>/dev/null || echo " (no logs available)" | ||
| echo "" | ||
| echo "⚠️ To fix this issue, clean up and re-run:" | ||
| echo " kubectl delete -f $SCRIPT_DIR/rabbitmq.yaml" | ||
| echo " kubectl delete pvc data-outpost-rabbitmq-0" | ||
| echo " kubectl delete secret outpost-rabbitmq" | ||
| echo "" | ||
| exit 1 | ||
| fi | ||
| elif ! pod_is_healthy "outpost-rabbitmq-0"; then | ||
| echo "❌ RabbitMQ pod is unhealthy!" | ||
| echo "" | ||
| echo "Pod status:" | ||
| kubectl get pod outpost-rabbitmq-0 | ||
| echo "" | ||
| echo "Recent events:" | ||
| kubectl describe pod outpost-rabbitmq-0 | grep -A 10 "Events:" || true | ||
| echo "" | ||
| echo "Container logs (last 20 lines):" | ||
| kubectl logs outpost-rabbitmq-0 --tail=20 2>/dev/null || echo " (no logs available)" | ||
| echo "" | ||
| echo "⚠️ To fix this issue, clean up and re-run:" | ||
| echo " kubectl delete -f $SCRIPT_DIR/rabbitmq.yaml" | ||
| echo " kubectl delete pvc data-outpost-rabbitmq-0" | ||
| echo " kubectl delete secret outpost-rabbitmq" | ||
| echo "" | ||
| exit 1 |
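Review bot: `kubectl logs outpost-rabbitmq-0 --tail=20` in both branches reads only the current container instance; when the pod is restarting, the output that explains the failure belongs to the previous instance, so add a second call with `--previous`. None of the kubectl calls pass `-n`, so the diagnostics and the printed cleanup commands act on whichever namespace the current context selects; pass the namespace explicitly or print it with the instructions. The two branches differ only in their first message and could share one function.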
Copilot
AI
Dec 12, 2025
The error checking logic is duplicated across PostgreSQL, Redis, and RabbitMQ sections. The same diagnostic output code (lines 90-106, 150-166, 211-227) is repeated three times with only minor variations in the resource names. This code duplication makes maintenance harder and increases the risk of inconsistencies.
Consider extracting the diagnostic output into a reusable helper function that takes the pod name and resource type as parameters.
| echo "" | |
| echo "❌ RabbitMQ pod failed to become ready!" | |
| echo "" | |
| echo "Pod status:" | |
| kubectl get pod outpost-rabbitmq-0 | |
| echo "" | |
| echo "Recent events:" | |
| kubectl describe pod outpost-rabbitmq-0 | grep -A 10 "Events:" || true | |
| echo "" | |
| echo "Container logs (last 20 lines):" | |
| kubectl logs outpost-rabbitmq-0 --tail=20 2>/dev/null || echo " (no logs available)" | |
| echo "" | |
| echo "⚠️ To fix this issue, clean up and re-run:" | |
| echo " kubectl delete -f $SCRIPT_DIR/rabbitmq.yaml" | |
| echo " kubectl delete pvc data-outpost-rabbitmq-0" | |
| echo " kubectl delete secret outpost-rabbitmq" | |
| echo "" | |
| exit 1 | |
| fi | |
| elif ! pod_is_healthy "outpost-rabbitmq-0"; then | |
| echo "❌ RabbitMQ pod is unhealthy!" | |
| echo "" | |
| echo "Pod status:" | |
| kubectl get pod outpost-rabbitmq-0 | |
| echo "" | |
| echo "Recent events:" | |
| kubectl describe pod outpost-rabbitmq-0 | grep -A 10 "Events:" || true | |
| echo "" | |
| echo "Container logs (last 20 lines):" | |
| kubectl logs outpost-rabbitmq-0 --tail=20 2>/dev/null || echo " (no logs available)" | |
| echo "" | |
| echo "⚠️ To fix this issue, clean up and re-run:" | |
| echo " kubectl delete -f $SCRIPT_DIR/rabbitmq.yaml" | |
| echo " kubectl delete pvc data-outpost-rabbitmq-0" | |
| echo " kubectl delete secret outpost-rabbitmq" | |
| echo "" | |
| exit 1 | |
| print_pod_diagnostics "outpost-rabbitmq-0" "RabbitMQ" \ | |
| " kubectl delete -f \$SCRIPT_DIR/rabbitmq.yaml | |
| kubectl delete pvc data-outpost-rabbitmq-0 | |
| kubectl delete secret outpost-rabbitmq" | |
| fi | |
| elif ! pod_is_healthy "outpost-rabbitmq-0"; then | |
| print_pod_diagnostics "outpost-rabbitmq-0" "RabbitMQ" \ | |
| " kubectl delete -f \$SCRIPT_DIR/rabbitmq.yaml | |
| kubectl delete pvc data-outpost-rabbitmq-0 | |
| kubectl delete secret outpost-rabbitmq" |
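Review bot: The replacement lines drop the `exit 1` that closed each branch, so unless `print_pod_diagnostics` exits itself (its body is not shown here) the script carries on after a failed pod; keep `exit 1` after each call or document that the helper exits. The cleanup text also changes `$SCRIPT_DIR` to `\$SCRIPT_DIR`, which prints the variable name literally instead of the resolved path the original message showed.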
| helm repo add bitnami https://charts.bitnami.com/bitnami >/dev/null | ||
| helm repo update >/dev/null | ||
| fi | ||
| echo "🚀 Using official Docker images (Bitnami images are not available)" |
Copilot
AI
Dec 12, 2025
The message "Using official Docker images (Bitnami images are not available)" is slightly misleading. Based on the PR description, the issue isn't that Bitnami images are "not available," but rather that they were unreliable and caused timeout issues. The message should more accurately reflect that this is an intentional architectural change for improved reliability, not a workaround for unavailability.
| echo "🚀 Using official Docker images (Bitnami images are not available)" | |
| echo "🚀 Using official Docker images for improved reliability (Bitnami images were unreliable and caused timeout issues)" |
| livenessProbe: | ||
| exec: | ||
| command: | ||
| - redis-cli | ||
| - --raw | ||
| - incr | ||
| - ping | ||
| initialDelaySeconds: 30 | ||
| periodSeconds: 10 | ||
| readinessProbe: | ||
| exec: | ||
| command: | ||
| - redis-cli | ||
| - --raw | ||
| - incr | ||
| - ping | ||
| initialDelaySeconds: 5 | ||
| periodSeconds: 5 |
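Review bot: Both probes run `redis-cli --raw incr ping`, which is a write: it increments a key named ping every 5 and 10 seconds, adds to the keyspace, and fails on a read-only instance. Use a read-only `ping` for both probes, and if the server requires a password, supply it through the `REDISCLI_AUTH` environment variable rather than `-a` so it does not appear in the process arguments.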
Copilot
AI
Dec 12, 2025
The Redis health check probes have two critical issues:
- The command redis-cli --raw incr ping will increment a counter named "ping" on each health check instead of actually pinging Redis. This should be redis-cli ping to properly check Redis health.
- Since Redis is configured with password authentication via --requirepass (line 33), the health check commands need to authenticate. Without the -a flag or REDISCLI_AUTH environment variable, these probes will fail with an authentication error.
The correct probe command should be: redis-cli -a "$(REDIS_PASSWORD)" ping or you can set the REDISCLI_AUTH environment variable and use redis-cli ping.
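An added example of the REDISCLI_AUTH variant mentioned in the comment above; it is not code from this PR. The Secret name `outpost-redis` and its key `password` are assumptions, and the fragment belongs under the StatefulSet's `spec.template.spec`.

```yaml
# Added example, not from the PR. Container fragment for spec.template.spec.
# Assumed (hypothetical) names: Secret "outpost-redis", key "password".
containers:
  - name: redis
    image: redis:7-alpine
    # Kubernetes expands $(REDIS_PASSWORD) from the env entries below.
    command: ["redis-server", "--requirepass", "$(REDIS_PASSWORD)"]
    env:
      - name: REDIS_PASSWORD
        valueFrom:
          secretKeyRef:
            name: outpost-redis
            key: password
      # redis-cli reads REDISCLI_AUTH on its own, so the probe needs no -a
      # flag and the password stays out of the probe's process arguments.
      - name: REDISCLI_AUTH
        valueFrom:
          secretKeyRef:
            name: outpost-redis
            key: password
    livenessProbe:
      exec:
        # Read-only check: PING does not touch the keyspace. Matching the
        # reply makes the probe fail on NOAUTH or any other error reply.
        command: ["sh", "-c", "redis-cli ping | grep -q PONG"]
      initialDelaySeconds: 30
      periodSeconds: 10
    readinessProbe:
      exec:
        command: ["sh", "-c", "redis-cli ping | grep -q PONG"]
      initialDelaySeconds: 5
      periodSeconds: 5
```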
examples/kubernetes/postgresql.yaml
Outdated
| apiVersion: apps/v1 | ||
| kind: StatefulSet | ||
| metadata: | ||
| name: outpost-postgresql | ||
| spec: | ||
| serviceName: outpost-postgresql |
Copilot
AI
Dec 12, 2025
The PostgreSQL service references itself as the serviceName in the StatefulSet (line 18), but the service is defined above with the same name "outpost-postgresql" (line 4). This is correct for StatefulSets, but it would be more conventional to use a headless service (with clusterIP: None) for the StatefulSet's serviceName and have a separate regular ClusterIP service for clients. This ensures proper DNS records for individual pods while still providing a stable endpoint for connections.
| apiVersion: apps/v1 | |
| kind: StatefulSet | |
| metadata: | |
| name: outpost-postgresql | |
| spec: | |
| serviceName: outpost-postgresql | |
| apiVersion: v1 | |
| kind: Service | |
| metadata: | |
| name: outpost-postgresql-headless | |
| spec: | |
| clusterIP: None | |
| ports: | |
| - port: 5432 | |
| targetPort: 5432 | |
| selector: | |
| app: outpost-postgresql | |
| --- | |
| apiVersion: apps/v1 | |
| kind: StatefulSet | |
| metadata: | |
| name: outpost-postgresql | |
| spec: | |
| serviceName: outpost-postgresql-headless |
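Review bot: The added headless Service selects `app: outpost-postgresql`, but the StatefulSet's pod template labels are outside these lines; confirm the pods carry that label, otherwise the Service has no endpoints and the per-pod DNS names do not resolve. The existing Service named outpost-postgresql also has to stay in the manifest for clients, which this replacement does not show.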
- Change from incorrect 'redis-cli --raw incr ping' to proper 'redis-cli ping'
- Add authentication using -a flag with REDIS_PASSWORD environment variable
- Use shell wrapper (sh -c) to properly expand environment variable
Fixes authentication errors in Redis health checks.

- Create separate headless service 'outpost-postgresql-headless' with clusterIP: None
- Use headless service as serviceName for StatefulSet
- Keep regular ClusterIP service for client connections
Follows Kubernetes best practices for StatefulSet DNS records.

- Change password generation from 'openssl rand -hex' to 'openssl rand -base64' for better entropy
  * PostgreSQL: base64 24 bytes
  * Redis: base64 24 bytes
  * RabbitMQ: base64 24 bytes (password) and 48 bytes (erlang cookie)
  * Application secrets: base64 24/48 bytes
- Extract duplicate diagnostic code into reusable print_pod_diagnostics() function
- Update message from 'Bitnami images are not available' to 'Using official Docker images for improved reliability'
Addresses PR feedback for improved security and code quality.
Resolves #581