helm: configurable uwsgi override, probes and SMTP #4351

Open
bossbboy wants to merge 1 commit into kiwitcms:master from bossbboy:feat/configurable-uwsgi-probes-smtp

@bossbboy commented May 9, 2026

Summary

Extends the Helm chart with three configuration surfaces that previously required template hacks or post-render patches:

  • uwsgi.override / uwsgi.existingConfigMap — mounted at /Kiwi/etc/uwsgi.override, which the Kiwi image natively loads via if-file in etc/uwsgi.conf. Lets users tune processes, harakiri, buffer-size, etc. without rebuilding the image.
  • livenessProbe / readinessProbe / startupProbe — full spec rendered with toYaml, every field overridable. Defaults match the previous hardcoded probes; startupProbe defaults to {} (disabled).
  • email.smtp.* — injects Django EMAIL_HOST, EMAIL_PORT, EMAIL_USE_TLS, EMAIL_USE_SSL, EMAIL_HOST_USER, EMAIL_HOST_PASSWORD. Credentials come from a generated Secret or email.smtp.existingSecret. Also adds DEFAULT_FROM_EMAIL (mirrors SERVER_EMAIL, matches the upstream tcms/settings/common.py default).

Chart version bumped 0.1.0 → 0.2.0. Defaults are backward-compatible: with no values changes the rendered manifests are identical except for the new DEFAULT_FROM_EMAIL env (same value as SERVER_EMAIL).

Test plan

Verified against helm 3.x from ~/Downloads/Kiwi/helm:

  • helm lint . — passes
  • helm template kiwi . — default render unchanged (livenessProbe/readinessProbe identical, no startupProbe, no SMTP env, no uwsgi volume)
  • helm install --dry-run --debug — passes
  • --set uwsgi.override='[uwsgi]\nprocesses=8' → ConfigMap rendered, volume + subPath mount on /Kiwi/etc/uwsgi.override
  • --set uwsgi.existingConfigMap=my-cm → own ConfigMap NOT rendered, volume references my-cm
  • --set startupProbe.httpGet.path=/healthz --set startupProbe.failureThreshold=30 --set livenessProbe.initialDelaySeconds=30 → all three probes render with the right fields
  • --set email.smtp.enabled=true --set email.smtp.host=... --set email.smtp.user=... --set email.smtp.password=... → SMTP env vars injected, *-smtp Secret rendered with smtp-user/smtp-password keys
  • --set email.smtp.enabled=true --set email.smtp.existingSecret=my-smtp → own Secret NOT rendered, env vars reference my-smtp

Example values for production

uwsgi:
  override: |
    [uwsgi]
    processes = 8
    threads = 2
    harakiri = 60

startupProbe:
  httpGet: { path: /accounts/login/, port: http }
  failureThreshold: 30
  periodSeconds: 10

email:
  from: "kiwi@company.tld"
  smtp:
    enabled: true
    host: smtp.company.tld
    port: 587
    useTLS: true
    existingSecret: kiwi-smtp-prod   # keys: smtp-user, smtp-password

🤖 Generated with Claude Code

* uwsgi.override / uwsgi.existingConfigMap mounted at /Kiwi/etc/uwsgi.override
* livenessProbe / readinessProbe / startupProbe fully overridable via values
* email.smtp.* values inject EMAIL_HOST / EMAIL_PORT / EMAIL_USE_TLS /
  EMAIL_USE_SSL / EMAIL_HOST_USER / EMAIL_HOST_PASSWORD env, with a
  generated Secret or an existingSecret reference

Defaults preserve the previous behaviour; chart version bumped to 0.2.0.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>

@atodorov (Member)

Comment thread helm/values.yaml
# Inline credentials (used only when existingSecret is empty).
user: ""
# Set via --set email.smtp.password=... on install
password: ""
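Review bot: the comment above `password` recommends `--set email.smtp.password=...`, which puts the SMTP password on the install command line, where it ends up in shell history and in the user-supplied values Helm stores with the release. The block already says these inline fields are used only when `existingSecret` is empty, so point the comment at `existingSecret` as the recommended path and describe `user`/`password` as a convenience for test installs.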
@atodorov (Member)

> Summary

> Test plan

Please add at least some minimal testing in the existing CI pipelines/scripts.

> Verified against helm 3.x from ~/Downloads/Kiwi/helm:
>
> * [x]  `helm lint .` — passes

Can you start a new helm.yml?

> * [x]  `helm template kiwi .` — default render unchanged (livenessProbe/readinessProbe identical, no startupProbe, no SMTP env, no uwsgi volume)
>
> * [x]  `helm install --dry-run --debug` — passes

Could be after helm lint as a separate step inside helm.yml

> * [x]  `--set uwsgi.override='[uwsgi]\nprocesses=8'` → ConfigMap rendered, volume + `subPath` mount on `/Kiwi/etc/uwsgi.override`
>
> * [x]  `--set uwsgi.existingConfigMap=my-cm` → own ConfigMap NOT rendered, volume references `my-cm`
>
> * [x]  `--set startupProbe.httpGet.path=/healthz --set startupProbe.failureThreshold=30 --set livenessProbe.initialDelaySeconds=30` → all three probes render with the right fields
>
> * [x]  `--set email.smtp.enabled=true --set email.smtp.host=... --set email.smtp.user=... --set email.smtp.password=...` → SMTP env vars injected, `*-smtp` Secret rendered with `smtp-user`/`smtp-password` keys
>
> * [x]  `--set email.smtp.enabled=true --set email.smtp.existingSecret=my-smtp` → own Secret NOT rendered, env vars reference `my-smtp`

Not sure if you will be able to check all of these, but at the very least we need to curl the page and make sure that it's up and running and displaying the login page.
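The SMTP items in the test plan can be checked mechanically on `helm template` output. The script below is an added example, not part of the pull request or the Kiwi TCMS repository; the function names, the rendered manifest layout, the "True"/"False" spelling and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: audit `helm template` output for the SMTP env vars.
# Env var names are from the PR description; the manifest layout and the
# "True"/"False" spelling are assumptions.

# Where does env var $1 get its value? Prints "literal:<v>" or "secret".
env_source() {
  awk -v want="$1" '
    $1 == "-" && $2 == "name:" { cur = $3 }      # start of a list entry
    cur != want                { next }
    $1 == "value:"   { gsub(/"/, "", $2); print "literal:" tolower($2); exit }
    $1 == "secretKeyRef:" { print "secret"; exit }
  '
}

# Read a rendered manifest on stdin, print findings, return 1 if any.
audit_smtp() {
  manifest=$(cat); rc=0
  src() { printf '%s\n' "$manifest" | env_source "$1"; }
  [ -n "$(src EMAIL_HOST)" ] || return 0         # SMTP not configured
  case "$(src EMAIL_HOST_PASSWORD)" in
    literal:*) echo "EMAIL_HOST_PASSWORD is inline, expected secretKeyRef"; rc=1 ;;
  esac
  case "$(src EMAIL_USE_TLS)/$(src EMAIL_USE_SSL)" in
    literal:true/literal:true) echo "EMAIL_USE_TLS and EMAIL_USE_SSL are both true"; rc=1 ;;
    literal:true/*|*/literal:true) ;;            # exactly one is enabled
    *) echo "SMTP transport is not encrypted"; rc=1 ;;
  esac
  return $rc
}

# Constructed sample (not real chart output); $1/$2 set the TLS/SSL values.
sample_env() {
  cat <<EOF
        env:
          - name: EMAIL_HOST
            value: "smtp.company.tld"
          - name: EMAIL_USE_TLS
            value: "$1"
          - name: EMAIL_USE_SSL
            value: "$2"
          - name: EMAIL_HOST_PASSWORD
            valueFrom:
              secretKeyRef: { name: my-smtp, key: smtp-password }
EOF
}

sample_env True False | audit_smtp && echo "SMTP settings OK"
```

In a workflow step this would run as `helm template kiwi . --set ... | audit_smtp`, after `helm lint`.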

@atodorov (Member) left a comment

Overall looks good, needs some testing.

Comment thread helm/values.yaml
host: ""
port: 25
useTLS: false
useSSL: false
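Review bot: `useTLS` and `useSSL` are independent booleans here, but Django treats EMAIL_USE_TLS and EMAIL_USE_SSL as mutually exclusive, so a values file that sets both to true renders a manifest that looks valid and only fails once Kiwi tries to send mail. Consider a `fail` guard in the template when both are true, and note next to `port: 25` which port conventionally goes with which flag (587 for `useTLS`, 465 for `useSSL`), since the port has to change together with whichever flag is enabled.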

@atodorov (Member)

Please make these default to SSL. There is no reason to not use encrypted connections, even in examples.
