Merge pull request #57 from rayshoo/pull-request

Anadris · web-flow · commit 5102df421392 · 2026-02-09T11:34:18.000+01:00
feat: fix selectors, UI log rotation, Redis envs, and Vector logging example
diff --git a/charts/bunkerweb/templates/api-deployment.yaml b/charts/bunkerweb/templates/api-deployment.yaml
@@ -13,6 +13,7 @@ spec:
   selector:
     matchLabels:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+      bunkerweb.io/component: "api"
   template:
     metadata:
       labels:
diff --git a/charts/bunkerweb/templates/bunkerweb-daemonset.yaml b/charts/bunkerweb/templates/bunkerweb-daemonset.yaml
@@ -10,6 +10,7 @@ spec:
   selector:
     matchLabels:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+      bunkerweb.io/component: "bunkerweb"
   template:
     metadata:
       annotations:
@@ -67,6 +68,7 @@ spec:
             # Internal subnet(s) + localhost
             - name: API_WHITELIST_IP
               value: "{{ .Values.settings.misc.apiWhitelistIp }}"
+            {{- include "bunkerweb.redisEnv" . | nindent 12 }}
             {{- if .Values.ui.logs.enabled }}
             - name: ACCESS_LOG_1
               value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb_access"
diff --git a/charts/bunkerweb/templates/bunkerweb-deployment.yaml b/charts/bunkerweb/templates/bunkerweb-deployment.yaml
@@ -85,6 +85,7 @@ spec:
             # Internal subnet(s) + localhost
             - name: API_WHITELIST_IP
               value: "{{ .Values.settings.misc.apiWhitelistIp }}"
+            {{- include "bunkerweb.redisEnv" . | nindent 12 }}
             {{- if .Values.ui.logs.enabled }}
             - name: ACCESS_LOG_1
               value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb_access"
diff --git a/charts/bunkerweb/templates/bunkerweb-statefulset.yaml b/charts/bunkerweb/templates/bunkerweb-statefulset.yaml
@@ -84,6 +84,7 @@ spec:
             # Internal subnet(s) + localhost
             - name: API_WHITELIST_IP
               value: "{{ .Values.settings.misc.apiWhitelistIp }}"
+            {{- include "bunkerweb.redisEnv" . | nindent 12 }}
             {{- if .Values.ui.logs.enabled }}
             - name: ACCESS_LOG_1
               value: "syslog:server={{ include "bunkerweb.syslogAddress" . }},tag=bunkerweb_access"
diff --git a/charts/bunkerweb/templates/controller-deployment.yaml b/charts/bunkerweb/templates/controller-deployment.yaml
@@ -13,6 +13,7 @@ spec:
   selector:
     matchLabels:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+      bunkerweb.io/component: "controller"
   template:
     metadata:
       labels:
@@ -66,9 +67,7 @@ spec:
               value: "{{ .Values.settings.kubernetes.domainName }}"
             - name: KUBERNETES_IGNORE_ANNOTATIONS
               value: "{{ .Values.settings.kubernetes.ignoreAnnotations }}"
-            {{- if .Values.controller.extraEnvs }}
             {{- toYaml .Values.controller.extraEnvs | nindent 12 }}
-            {{- end }}
             {{- if .Values.ui.logs.enabled }}
             - name: LOG_TYPES
               value: "stderr syslog"
diff --git a/charts/bunkerweb/templates/mariadb-deployment.yaml b/charts/bunkerweb/templates/mariadb-deployment.yaml
@@ -10,6 +10,9 @@ spec:
   selector:
     matchLabels:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+      bunkerweb.io/component: "mariadb"
+  strategy:
+    type: {{ default "RollingUpdate" .Values.mariadb.strategy }}
   template:
     metadata:
       labels:
@@ -51,6 +54,9 @@ spec:
               {{- else }}
               value: "{{ .Values.mariadb.config.password }}"
               {{- end }}
+          {{- if .Values.mariadb.extraEnvs }}
+            {{- toYaml .Values.mariadb.extraEnvs | nindent 12 }}
+          {{- end }}
           volumeMounts:
             - mountPath: "/var/lib/mysql"
               name: vol-db
diff --git a/charts/bunkerweb/templates/redis-deployment.yaml b/charts/bunkerweb/templates/redis-deployment.yaml
@@ -10,6 +10,9 @@ spec:
   selector:
     matchLabels:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+      bunkerweb.io/component: "redis"
+  strategy:
+    type: {{ default "RollingUpdate" .Values.redis.strategy }}
   template:
     metadata:
       labels:
@@ -34,6 +37,9 @@ spec:
               {{- else }}
               value: "{{ .Values.redis.config.password }}"
               {{- end }}
+          {{- if .Values.redis.extraEnvs }}
+            {{- toYaml .Values.redis.extraEnvs | nindent 12 }}
+          {{- end }}
           {{- with .Values.redis.resources }}
           resources:
             {{- toYaml . | nindent 12}}
diff --git a/charts/bunkerweb/templates/scheduler-deployment.yaml b/charts/bunkerweb/templates/scheduler-deployment.yaml
@@ -12,6 +12,7 @@ spec:
   selector:
     matchLabels:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+      bunkerweb.io/component: "scheduler"
   template:
     metadata:
       labels:
diff --git a/charts/bunkerweb/templates/ui-deployment.yaml b/charts/bunkerweb/templates/ui-deployment.yaml
@@ -13,6 +13,7 @@ spec:
   selector:
     matchLabels:
       {{- include "bunkerweb.selectorLabels" . | nindent 6 }}
+      bunkerweb.io/component: "ui"
   template:
     metadata:
       labels:
@@ -106,6 +107,13 @@ spec:
         - name: bunkerweb-syslog
           image: {{ .Values.ui.logs.repository }}:{{ .Values.ui.logs.tag }}
           imagePullPolicy: {{ .Values.ui.logs.pullPolicy }}
+        {{- range .Values.scheduler.extraEnvs }}
+        {{- if eq .name "TZ" }}
+          env:
+            - name: TZ
+              value: "{{ .value }}"
+        {{- end }}
+        {{- end }}
           securityContext:
             capabilities:
               add:
diff --git a/charts/bunkerweb/templates/ui-logrotate.yaml b/charts/bunkerweb/templates/ui-logrotate.yaml
@@ -0,0 +1,127 @@
+{{- if and .Values.ui.logs.enabled .Values.ui.logs.logrotate.enabled -}}
+{{- $files := default (list) .Values.ui.logs.logrotate.files -}}
+---
+apiVersion: batch/v1
+kind: CronJob
+metadata:
+  name: ui-logrotate-{{ include "bunkerweb.fullname" . }}
+  namespace: {{ include "bunkerweb.namespace" . }}
+  labels:
+    {{- include "bunkerweb.labels" . | nindent 4 }}
+spec:
+  schedule: {{ .Values.ui.logs.logrotate.schedule | default "0 0 * * *" }}
+  jobTemplate:
+    spec:
+      template:
+        spec:
+        {{- if .Values.ui.nodeSelector }}
+          {{- with .Values.ui.nodeSelector }}
+          nodeSelector:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- else if .Values.nodeSelector }}
+          {{- with .Values.nodeSelector }}
+          nodeSelector:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+        {{- end }}
+        {{- if or (.Values.ui.tolerations) (.Values.tolerations) }}
+          tolerations:
+          {{- if .Values.ui.tolerations }}
+            {{- toYaml .Values.ui.tolerations | nindent 10 }}
+          {{- else }}
+            {{- toYaml .Values.tolerations | nindent 10 }}
+          {{- end }}
+        {{- end }}
+          affinity:
+            podAffinity:
+              requiredDuringSchedulingIgnoredDuringExecution:
+              - topologyKey: kubernetes.io/hostname
+                labelSelector:
+                  matchLabels:
+                    {{- include "bunkerweb.labels" . | nindent 20 }}
+                    {{- with .Values.ui.podLabels }}
+                    {{- toYaml . | nindent 20 }}
+                    {{- end }}
+                    bunkerweb.io/component: "ui"
+          containers:
+          - name: logrotate
+            image: alpine:latest
+            command:
+            - /bin/sh
+            - -c
+            - |
+{{- if gt (len $files) 0 }}
+              set -ex
+              apk add --no-cache logrotate
+              echo "=== Files before logrotate ==="
+              ls -la /var/log/bunkerweb/
+              logrotate -f /etc/logrotate.d/bunkerweb
+              echo "=== Files after logrotate ==="
+              ls -la /var/log/bunkerweb/
+              echo "=== Deleting old log files ==="
+              echo "Current time: $(date)"
+              cutoff=$(date -d @$(($(date +%s) - {{ $.Values.ui.logs.logrotate.rotate | default "2" }} * 86400)) +%Y%m%d)
+              echo "Cutoff date: $cutoff (files before this will be deleted)"
+              for f in /var/log/bunkerweb/*-[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9].log; do
+                if [ -f "$f" ]; then
+                  datepart=$(basename "$f" | grep -oE '[0-9]{8}\.log$' | cut -d. -f1)
+                  if [ -n "$datepart" ] && [ "$datepart" -lt "$cutoff" ]; then
+                    echo "Deleting: $f (date: $datepart < $cutoff)"
+                    rm -f "$f"
+                  fi
+                fi
+              done
+              echo "=== Files after cleanup ==="
+              ls -la /var/log/bunkerweb/
+{{- else }}
+              echo "ui.logs.logrotate.files is empty; skip logrotate."
+              exit 0
+{{- end }}
+            volumeMounts:
+            - name: config
+              mountPath: /etc/logrotate.d/
+              readOnly: true
+            - name: bunkerweb-logs
+              mountPath: /var/log/bunkerweb
+          restartPolicy: OnFailure
+          volumes:
+          - name: config
+            configMap:
+              name: ui-logrotate-{{ include "bunkerweb.fullname" . }}
+          - name: bunkerweb-logs
+            persistentVolumeClaim:
+              claimName: ui-{{ include "bunkerweb.fullname" . }}
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ui-logrotate-{{ include "bunkerweb.fullname" . }}
+  namespace: {{ include "bunkerweb.namespace" . }}
+  labels:
+    {{- include "bunkerweb.labels" . | nindent 4 }}
+data:
+  bunkerweb: |
+    {{- if gt (len $files) 0 -}}
+    {{- range $files }}
+    /var/log/bunkerweb/{{ . }}{{- end }} {
+      daily
+      rotate {{ add (.Values.ui.logs.logrotate.rotate | default "2") 1 }}
+      dateext
+      dateformat -%Y%m%d
+      compress
+      delaycompress
+      missingok
+      notifempty
+      copytruncate
+      postrotate
+        for f in /var/log/bunkerweb/*.log-[0-9]*; do
+          if [ -f "$f" ]; then
+            new_name=$(echo "$f" | sed -E 's/^(.*)\.log-([0-9]{8})$/\1-\2.log/')
+            mv "$f" "$new_name"
+          fi
+        done
+      endscript
+    }
+    {{- end -}}
+{{- end }}
diff --git a/charts/bunkerweb/values.yaml b/charts/bunkerweb/values.yaml
@@ -303,7 +303,7 @@ bunkerweb:
   # Also available at ghcr.io/bunkerity/bunkerweb
   repository: docker.io/bunkerity/bunkerweb
   tag: 1.6.7
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
   # Resource requests and limits
   # RECOMMENDED: Uncomment and adjust for production
@@ -476,7 +476,7 @@ scheduler:
   # Also available at ghcr.io/bunkerity/bunkerweb-scheduler
   repository: docker.io/bunkerity/bunkerweb-scheduler
   tag: 1.6.7
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
   # Image pull secrets (overrides global setting)
   imagePullSecrets: []
@@ -982,7 +982,7 @@ controller:
   # Also available at ghcr.io/bunkerity/bunkerweb-autoconf
   repository: docker.io/bunkerity/bunkerweb-autoconf
   tag: 1.6.7
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
   # Image pull secrets (overrides global setting)
   imagePullSecrets: []
@@ -1054,7 +1054,7 @@ ui:
   # Also available at ghcr.io/bunkerity/bunkerweb-ui
   repository: docker.io/bunkerity/bunkerweb-ui
   tag: 1.6.7
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
   # Image pull secrets (overrides global setting)
   imagePullSecrets: []
@@ -1106,7 +1106,7 @@ ui:
 
     # Syslog-ng container for log collection
     repository: docker.io/balabit/syslog-ng
-    pullPolicy: Always
+    pullPolicy: IfNotPresent
     tag: 4.8.0
 
     # Persistent storage for logs
@@ -1116,6 +1116,34 @@ ui:
       # Leave empty for default storage class
       storageClass: ""
 
+    # Log rotation and cleanup configuration
+    # Periodically rotates UI logs and removes old log files
+    logrotate:
+      # Enable periodic log rotation for UI logs
+      enabled: true
+
+      # Cron schedule for the log rotation job
+      # Default: daily at 00:00
+      schedule: 0 0 * * *
+
+      # Number of days to keep UI log files
+      # Log files older than this value will be automatically removed
+      rotate: 2
+
+      # Log file patterns to rotate (required when logrotate.enabled=true).
+      #
+      # This list is matched against log file names under /var/log/bunkerweb/.
+      # You can use glob patterns:
+      #   - *.com.log
+      #
+      # If this list is empty, no logrotate rules are generated and nothing will be rotated.
+      files:
+      - bw-autoconf.log
+      - bw-scheduler.log
+      - bw-ui-access.log
+      - bw-ui.log
+      # - '*.com.log'
+
   # Liveness probe configuration
   livenessProbe:
     exec:
@@ -1149,7 +1177,7 @@ api:
   # Also available at ghcr.io/bunkerity/bunkerweb-api
   repository: docker.io/bunkerity/bunkerweb-api
   tag: 1.6.7
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
   # Image pull secrets (overrides global setting)
   imagePullSecrets: []
@@ -1211,11 +1239,17 @@ mariadb:
   # Container image configuration
   repository: docker.io/mariadb
   tag: "11"
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
 
   # Image pull secrets (overrides global setting)
   imagePullSecrets: []
 
+  # Deployment update strategy for MariaDB
+  # Default: RollingUpdate
+  # Uncomment and set to "Recreate" when using single-node block storage
+  # (e.g. EBS with ReadWriteOnce) to avoid volume attach conflicts
+  # strategy: Recreate
+
   # Node selector (overrides global setting)
   nodeSelector: {}
 
@@ -1275,7 +1309,7 @@ redis:
   # Container image configuration
   repository: docker.io/redis
   tag: 7-alpine
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
   # Persistent storage configuration
   persistence:
     # Storage size for Redis data
@@ -1288,6 +1322,12 @@ redis:
   # Image pull secrets (overrides global setting)
   imagePullSecrets: []
 
+  # Deployment update strategy for Redis
+  # Default: RollingUpdate
+  # Uncomment and set to "Recreate" when using single-node block storage
+  # (e.g. EBS with ReadWriteOnce) to avoid volume attach conflicts
+  # strategy: Recreate
+
   # Node selector (overrides global setting)
   nodeSelector: {}
 
@@ -1365,7 +1405,7 @@ prometheus:
 
   # Container image configuration
   repository: docker.io/prom/prometheus
-  pullPolicy: Always
+  pullPolicy: IfNotPresent
   tag: v3.3.1
 
   # Number of Prometheus replicas
diff --git a/examples/logging-services-with-vector.yaml b/examples/logging-services-with-vector.yaml
