diff --git a/chart/templates/backend-deployment.yaml b/chart/templates/backend-deployment.yaml index 8cb5408..b6fa64e 100644 --- a/chart/templates/backend-deployment.yaml +++ b/chart/templates/backend-deployment.yaml @@ -71,12 +71,30 @@ spec: - name: http containerPort: 8080 protocol: TCP - command: ["/usr/lib/jvm/default-jvm/bin/java"] - args: [{{ if and .Values.general.internal_tls.enabled .Values.general.internal_tls.certificates.existing_ca_secret_name }}"-Djavax.net.ssl.trustStore=/p12/internalca", "-Djavax.net.ssl.trustStorePassword=$(KEYSTORE_PASSWORD)",{{ end }} - {{- include "lightrun-backend.java.argument.asyncProfiler" . | nindent 12 }} - "-jar", - "/usr/src/lightrun/{{ .Values.deployments.backend.jar_name }}" - ] + command: ["sh", "-c"] + args: + - | + CMD="/usr/lib/jvm/default-jvm/bin/java" + # Add TLS opts if enabled + {{- if and .Values.general.internal_tls.enabled .Values.general.internal_tls.certificates.existing_ca_secret_name }} + CMD="$CMD -Djavax.net.ssl.trustStore=/p12/internalca" + CMD="$CMD -Djavax.net.ssl.trustStorePassword=$(KEYSTORE_PASSWORD)" + {{- end }} + + # Add async-profiler only if setup succeeded + if [ -f /async-profiler/lib/libasyncProfiler.so ]; then + echo "async-profiler available, enabling it..." + CMD="$CMD {{ include "lightrun-backend.java.argument.asyncProfiler" . }}" + else + echo "async-profiler setup failed earlier, starting without it" + fi + + # Add the jar + CMD="$CMD -jar /usr/src/lightrun/{{ .Values.deployments.backend.jar_name }}" + + echo "Final CMD: $CMD" + exec $CMD + volumeMounts: {{- include "lightrun-backend-crons.volumeMounts" . | nindent 12 }} {{- include "lightrun-backend.volumeMounts.asyncProfiler" . | nindent 12 }} diff --git a/chart/templates/crons/deployment.yaml b/chart/templates/crons/deployment.yaml index aac5117..3a3c0af 100644 --- a/chart/templates/crons/deployment.yaml +++ b/chart/templates/crons/deployment.yaml @@ -62,16 +62,31 @@ spec: - name: http containerPort: 8080 protocol: TCP - command: ["/usr/lib/jvm/default-jvm/bin/java"] - args: [ - {{- if and .Values.general.internal_tls.enabled .Values.general.internal_tls.certificates.existing_ca_secret_name }} - "-Djavax.net.ssl.trustStore=/p12/internalca", - "-Djavax.net.ssl.trustStorePassword=$(KEYSTORE_PASSWORD)", - {{- end }} - {{- include "lightrun-crons.java.argument.asyncProfiler" . | nindent 12 }} - "-jar", - "/usr/src/lightrun/{{ .Values.deployments.crons.jar_name }}" - ] + command: ["sh", "-c"] + args: + - | + CMD="/usr/lib/jvm/default-jvm/bin/java" + + # Add TLS opts if enabled + {{- if and .Values.general.internal_tls.enabled .Values.general.internal_tls.certificates.existing_ca_secret_name }} + CMD="$CMD -Djavax.net.ssl.trustStore=/p12/internalca" + CMD="$CMD -Djavax.net.ssl.trustStorePassword=$(KEYSTORE_PASSWORD)" + {{- end }} + + # Add async-profiler only if setup succeeded + if [ -f /async-profiler/lib/libasyncProfiler.so ]; then + echo "async-profiler available, enabling it..." + CMD="$CMD {{ include "lightrun-crons.java.argument.asyncProfiler" . }}" + else + echo "async-profiler setup failed earlier, starting without it" + fi + + # Add the jar + CMD="$CMD -jar /usr/src/lightrun/{{ .Values.deployments.crons.jar_name }}" + + echo "Final CMD: $CMD" + exec $CMD + volumeMounts: {{- include "lightrun-backend-crons.volumeMounts" . | nindent 12 }} {{- include "lightrun-crons.volumeMounts.asyncProfiler" . | nindent 12 }} diff --git a/chart/templates/helpers/_asyncProfiler.tpl b/chart/templates/helpers/_asyncProfiler.tpl index 32e7bfc..389c9a7 100644 --- a/chart/templates/helpers/_asyncProfiler.tpl +++ b/chart/templates/helpers/_asyncProfiler.tpl @@ -8,7 +8,9 @@ - | set -ex cd /tmp - wget {{ .downloadUrl }} -O async-profiler.tar.gz + if ! wget "{{ .downloadUrl }}" -O async-profiler.tar.gz; then + exit 0 + fi tar xvf async-profiler.tar.gz cp -r async-profiler-*/* /async-profiler resources: diff --git a/chart/templates/keycloak-statefulset.yaml b/chart/templates/keycloak-statefulset.yaml index 71ad410..9b3f87a 100644 --- a/chart/templates/keycloak-statefulset.yaml +++ b/chart/templates/keycloak-statefulset.yaml @@ -80,14 +80,38 @@ spec: containerPort: 7800 protocol: TCP {{- end }} + command: ["sh", "-c"] args: - - 'start' - - '--optimized' - - '--{{ include "http.scheme" . }}-port' - - '9080' - {{- if .Values.deployments.keycloak.useJsonLogFormat }} - - '--log-console-output=json' - {{- end }} + - | + # Base JAVA_OPTS_APPEND + {{- if .Values.deployments.keycloak.clusterMode }} + JAVA_OPTS_APPEND="-Djgroups.dns.query={{ include "lightrun-keycloak.name" . }}-headless" + {{- else }} + JAVA_OPTS_APPEND="" + {{- end }} + + # Append async-profiler only if setup succeeded + if [ -f /async-profiler/lib/libasyncProfiler.so ]; then + JAVA_OPTS_APPEND="$JAVA_OPTS_APPEND {{ include "lightrun-keycloak.java.argument.asyncProfiler" . }}" + fi + + export JAVA_OPTS_APPEND + + # Build startup command + CMD="/opt/keycloak/bin/kc.sh start --optimized" + + {{- if .Values.deployments.keycloak.clusterMode }} + CMD="$CMD --{{ include "http.scheme" . }}-port 9080" + {{- end }} + + {{- if .Values.deployments.keycloak.useJsonLogFormat }} + CMD="$CMD --log-console-output=json" + {{- end }} + + echo "JAVA_OPTS_APPEND at runtime: $JAVA_OPTS_APPEND" + echo "Final CMD: $CMD" + exec $CMD + {{- if or .Values.general.readOnlyRootFilesystem .Values.general.internal_tls.enabled .Values.deployments.keycloak.extraVolumeMounts @@ -270,12 +294,7 @@ spec: - name: KC_CACHE value: ispn - name: KC_CACHE_STACK - value: kubernetes - - name: JAVA_OPTS_APPEND - value: "-Djgroups.dns.query={{ include "lightrun-keycloak.name" . }}-headless {{ include "lightrun-keycloak.java.argument.asyncProfiler" . }}" - {{- else }} - - name: JAVA_OPTS_APPEND - value: "{{- include "lightrun-keycloak.java.argument.asyncProfiler" . -}}" + value: kubernetes {{- end }} - name: JAVASCRIPT_FILES value: js/keycloak.js