Skip to content

Add private registry controls for redis/postgres initContainers #75

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
mtsolekas wants to merge 1 commit into from
Closed

Add private registry controls for redis/postgres initContainers #75

mtsolekas wants to merge 1 commit into from

Conversation

@mtsolekas
Copy link

@mtsolekas mtsolekas commented Mar 9, 2025
edited
Loading

Summary

When redis and/or postgres is enabled, the initContainers used to wait for the availability of these services have hardcoded images/tags. This can lead to policy violations when images must be pulled from a private registry and when explicit tags/digests must be used.

The present PR adds the ability to control the image repository,tag and digest in the same way as is done for the main mageai container, for the standalone deployment, webserver and scheduler. Additionally the digest value is added for all images in the values file, so it is clear it can be configured.

The default values are:

image:
  redisWait:
    repository: alpine
    tag: latest
    digest: ""
  postgresWait:
    repository: busybox
    tag: latest
    digest: ""
  repository: mageai/mageai
  pullPolicy: Always
  # Overrides the image tag whose default is the chart appVersion.
  tag: ""
  digest: ""

And can be overridden like so:

image:
  redisWait:
    repository: sample.private-registry.com/alpine
    tag: 3.21.3
    digest: ""
  postgresWait:
    repository: sample.private-registry.com/busybox
    tag: 1.37.0
    digest: sha256:42279ede3600b4e63af075a5e27d68232ff837d9cdcaba74feffc7ab0dfec0dc

The following issues are related (the alpine one not exactly since it refers to the testing image): #65 #46

Tests

The following values overrides were used to template the chart with helm template:

redis:
  enabled: true
postgresql:
  enabled: true
replicaCount: 3
standaloneScheduler: true
scheduelr:
  replicaCount: 3
webserver:
  replicaCount: 3
image:
  redisWait:
    repository: sample.private-registry.com/alpine
    tag: 3.21.3
    digest: ""
  postgresWait:
    repository: sample.private-registry.com/busybox
    tag: 1.37.0
    digest: sha256:42279ede3600b4e63af075a5e27d68232ff837d9cdcaba74feffc7ab0dfec0dc

And the following can be seen from the output for the scheduler, where both redis and postgres initContainer images are sourced from the private registry, with the redis one using a fixed tag and the postgres one using a digest:

apiVersion: apps/v1
kind: Deployment
metadata:
  name: mageai-scheduler
  labels:
    helm.sh/chart: mageai-0.2.10
    app.kubernetes.io/name: mageai
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.9.74"
    app.kubernetes.io/managed-by: Helm
spec:
  replicas: 1
  selector:
    matchLabels:
      app.kubernetes.io/name: mageai-scheduler
      app.kubernetes.io/instance: release-name
  template:
    metadata:
      labels:
        app.kubernetes.io/name: mageai-scheduler
        app.kubernetes.io/instance: release-name
    spec:
      serviceAccountName: mageai
      securityContext:
        {}
      initContainers:
        - name: wait-for-redis
          image: "sample.private-registry.com/alpine:3.21.3"
          imagePullPolicy: Always
          env:
            - name: REDIS_URL
              value: redis://release-name-redis-headless:6379/0
          command: ["sh", "-c", "until nc -z -v $(echo $REDIS_URL | cut -d'/' -f3 | cut -d':' -f1) $(echo $REDIS_URL | cut -d'/' -f3 | cut -d':' -f2); do sleep 1; done"]
        - name: wait-for-postgres
          image: "sample.private-registry.com/busybox@sha256:42279ede3600b4e63af075a5e27d68232ff837d9cdcaba74feffc7ab0dfec0dc"
          imagePullPolicy: Always
          command: ['sh', '-c', 'until nc -z postgresql-service 5432; do echo waiting for postgres; sleep 2; done;']
      containers:
        - name: mageai
          securityContext:
            {}
          image: "mageai/mageai:0.9.74"
          imagePullPolicy: Always
          ports:
            - name: http
              containerPort: 6789
              protocol: TCP
          resources:
            {}
          envFrom:
          env:
            - name: KUBE_NAMESPACE
              valueFrom:
                fieldRef:
                  fieldPath: metadata.namespace
            - name: REDIS_URL
              value: redis://release-name-redis-headless:6379/0
            - name: MAGE_DATABASE_CONNECTION_URL
              value: postgresql://your_username:your_password@postgresql-service:5432/your_database
            - name: INSTANCE_TYPE
              value: scheduler
          volumeMounts:
            - mountPath: /home/src
              name: mage-fs
      volumes:
        - hostPath:
            path: /path/to/mage_project
          name: mage-fs

@mtsolekas mtsolekas closed this Aug 2, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@mtsolekas