windmill-labs / windmill-helm-charts Goto Github PK

I need an ability to provide some annotations to my serviceAccount. Looks like there is no way to do it.

Hi,

The Init Script box parameter seem not available in the Worker Management UI when using this Helm chart.
I m using the Helm chart with Windmill CE v1.181.0 docker image.

If I use the same image with the Docker-compose file provided in the doc, the Init Script box is available, and the Worker Management UI looks different.

Am i missing something ?

Thanks !

These are really useful for distributing pods between nodes and/or availability zones in a more expressive and flexible manner than using affinity. Please see Pod Topology Spread Constraints.

Hi all

I'm not sure if this is a problem that only occurs with the windmill helm-chart, but I am unable to configure windmill to use a HTTP-Proxy.
I already tried to pass the variables http_proxy and https_proxy as extraArgs to all the windmill deployments in the helm values and I was able to "kubectl exec" into the containers and access the internet using the configured http-Proxy.

However, when i try to run a python script in Windmill, the proxy does not seem to work. I cannot import any python modules from the internet.

When I run "print(os.environ)", my envs (http_proxy & https_proxy) do not show up.

Is this behaviour expected and is it somehow possible to pass global envs to windmill scripts?

Thanks and kind regards
Robin

Hi, the latest commit bumps the appVersion to "1.222.0", that image tag does not exist, the latest tag is "1.220.0".
Typo?

Thanks :)

We will also add plenty of doc with @hcourdent about how to leverage s3 for blob storage

HI guys,

I m trying to use the latest Windmill docker image with this Helm chart but it crash

Error: Migrating database: while executing migrations: error returned from database: syntax error at or near "TRIGGER"   

Can you help please ?

Here at:

Which missing $ at "{{ .Values.enterprise.s3CacheBucket }}"

Turn this repo into a chart repository using gh-pages and actions provided by helm.

Official doc: https://helm.sh/docs/topics/chart_repository/#github-pages-example
Reference repo: https://github.com/technosophos/tscharts
Chart release action: https://helm.sh/docs/howto/chart_releaser_action/

For demo purposes, postgres creds are currently plaintext. Very bad, will change to use secrets.

Hi team 👋🏼

It would be nice to have a global rewriting of labels and annotations on top. Cause on my IDP (Qovery) there are some missing and I can't:

• display services logs
• stop the chart
• display services statuses

For example:

windmill:
    annotations:
      qovery.annotations.service
    labels:
      qovery.labels.service

I'm available for testing if needed 👌🏼
cheers 🍻

Some kubernetes addons we would like to use with windmill require us to add labels in the Deployment template field.

There is currently no option to do this.

When setting exposeHostDocker: true, the volumes key is present twice in the worker manifests:

• windmill-helm-charts/charts/windmill/templates/workers.yaml

  Lines 33 to 37 in bdf0257

  	volumes:
  	- name: docker-sock
  	hostPath:
  	path: "/var/run/docker.sock"
  	type: File

• windmill-helm-charts/charts/windmill/templates/workers.yaml

  Lines 133 to 136 in bdf0257

  	volumes:
  	- name: oauth-volume
  	secret:
  	secretName: {{ if .Values.windmill.oauthSecretName }}{{ .Values.windmill.oauthSecretName }}{{ else }} {{ .Release.Name }}-oauth-secret {{- end }}

which fails to deploy updates when using Gitops where this is validated before applying the manifests (i.e. FluxCD)

There is an extra indent at the beginning here, when setting resources for app, the following error will be reported.

Error: YAML parse error on windmill/templates/app.yaml: error converting YAML to JSON: yaml: line 84: did not find expected key
helm.go:84: [debug] error converting YAML to JSON: yaml: line 84: did not find expected key
YAML parse error on windmill/templates/app.yaml

Currently the helm is reading secrets trough environment variables. This limits the way we can inject secrets into the deployment.

Add support for reading secrets from files.
Add Env variables that point to files instead of directly to the secret value
DATABASE_URL_FILE="/some/container/path/file"

This will also adapt to different secret management methods. Like when using Hashicorp vault and dynamic database credentials

On the Ingress definition ws_mp is always defined, even if enterprise is disabled.

Hi, regarding the use of a managed Postgres database in Azure, superuser access is not given to the owner. Therefore, there's no way to give BYPASSRLS permissions. The init-db SQL file may need to be adjusted to match scenarios where superuser is not given in cloud-hosted managed databases.

Issue for windmill main repo, please close

Hi !

It looks like there is no imagePullSecrets parameter available in this Helm Chart to use a custom Docker Image from a private Docker registry.

Sorry to bother you again, but the next error appeared. The error message is Error: UPGRADE FAILED: failed to create resource: Deployment.apps "windmill-workers-dedicated-mydedicatedWorker" is invalid: metadata.name: Invalid value: "windmill-workers-dedicated-mydedicatedWorker": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')

In short, here your default value is written in camelCase https://github.com/windmill-labs/windmill-helm-charts/blob/main/charts/windmill/values.yaml#L107 which is a bad idea, when that ends up to be part of name of an k8s resource respectively deployment.

See
https://github.com/windmill-labs/windmill-helm-charts/blob/main/charts/windmill/templates/dedicated-workers.yaml#L7C43-L7C43

No need to hurry, I can work around that by setting a value by myself but I think it is better to fix it for the future.

I've noticed some slowness in general while using the helm chart. The UI gets stuck often. I would be glad if I could:

• Configure resources so I can give the pods more juice and hopefully overcome slowness
• Configure autoscaling for frontend/workers
• Configure annotations/tolerations/affinity
• etc

Hi team 👋🏼

I'm using Windmill chart on Qovery IDP for context.

But when I change replicas it doesn't seems to change the number of workers:

Here my rewrite values for testing purposes:

postgresql:
  enabled: false
windmill:
    databaseUrl: qovery.env.DATABASE_URL
    annotations:
      qovery.annotations.service
    labels:
      qovery.labels.service
workerGroups:
  - name: "default"
    replicas: 2
    resources:
      requests:
        memory: "512Mi"
        cpu: "500m"
      limits:
        memory: "1024Mi"
        cpu: "1000m"
    annotations:
      qovery.annotations.service
    labels:
      qovery.labels.service
  - name: "native"
    replicas: 0
    resources:
      requests:
        memory: "256Mi"
        cpu: "100m"
      limits:
        memory: "256Mi"
        cpu: "100m"
    annotations:
      qovery.annotations.service
    labels:
      qovery.labels.service
  - name: "gpu"
    annotations:
      qovery.annotations.service
    labels:
      qovery.labels.service
app:
  annotations:
    qovery.annotations.service
  labels:
    qovery.labels.service
lsp:
  annotations:
    qovery.annotations.service
  labels:
    qovery.labels.service
multiplayer:
  annotations:
    qovery.annotations.service
  labels:
    qovery.labels.service
ingress:
  enabled: false
serviceAccount:
  annotations:
    qovery.annotations.service

available for testing if needed 👌🏼
Cheers

See image. runAsUser is not being saved to Kubernetes because it is being rendered one tier above SecurityContext. It should be nested under SecurityContext.

Bonjour. When performing a helm upgrade mywindmill windmill/windmill -n windmill after I executed helm repo update windmill I got the following error message. "Error: UPGRADE FAILED: parse error at (windmill/templates/dedicated-workers.yaml:132): unexpected EOF"

When bringing my own database, by setting databaseUrl, I encounter a couple of issues.

1. I need to manually create windmill_user and windmill_admin roles, otherwise some of the pods error.
2. After logging in as the default user I get Not found: App not found at name g/all/setup_app, which means I don't substitute the default user for my own etc.

Hi,

Question is in the title. The default configuration for Windmill's Helm chart sets Windmill as root. Is there a developer reason for this? It impacts our ability to install Windmill in clusters with security features enforced. Does Windmill need to be run as root?

If it's not required for Windmill then I'd like to unset it from the default and maybe consider making some improvements to the Helm chart to meet higher security defaults.