From 4ebf75134f6b21c4941d4db324d31942a7d122bd Mon Sep 17 00:00:00 2001 From: Celes Renata Date: Sun, 19 Apr 2026 08:55:52 +0000 Subject: [PATCH] ci: clear proxy env in minio-bucket-init, capture seed pod logs on failure --- infra/inttest/minio.yaml | 4 ++++ infra/inttest/run_pipeline.sh | 5 +++-- pipelines/harbor/pvcs.yaml | 3 +-- pipelines/harbor/values.yaml | 7 +++++-- pipelines/pvs/harbor-pv.yaml | 17 ----------------- 5 files changed, 13 insertions(+), 23 deletions(-) diff --git a/infra/inttest/minio.yaml b/infra/inttest/minio.yaml index 798d2bf..e0be7a1 100644 --- a/infra/inttest/minio.yaml +++ b/infra/inttest/minio.yaml @@ -145,6 +145,10 @@ spec: memory: 128Mi command: ["/bin/sh", "-c"] env: + - name: HTTP_PROXY + value: "" + - name: HTTPS_PROXY + value: "" - name: NO_PROXY value: "minio,.local,10.0.0.0/8,192.168.0.0/16" - name: no_proxy diff --git a/infra/inttest/run_pipeline.sh b/infra/inttest/run_pipeline.sh index 518bd49..8795a68 100755 --- a/infra/inttest/run_pipeline.sh +++ b/infra/inttest/run_pipeline.sh @@ -333,7 +333,6 @@ log "Seeding sandbox database ..." if ! kubectl run seed-sandbox \ --image="$SEED_IMAGE" \ --restart=Never \ - --rm \ --attach \ --pod-running-timeout=5m \ --namespace="$NAMESPACE" \ @@ -355,7 +354,9 @@ if ! kubectl run seed-sandbox \ --env="MINIO_SECRET_KEY=minioadmin" \ --command -- python -m tests.integration.seed_sandbox; then log "FATAL: Database seed failed" - debug_pod_failure "seed-sandbox" "run=seed-sandbox" + log "Seed pod logs:" + kubectl logs seed-sandbox -n "$NAMESPACE" --tail=50 2>&1 || true + kubectl delete pod seed-sandbox -n "$NAMESPACE" --ignore-not-found > /dev/null 2>&1 || true stage_fail "seed_data" PIPELINE_EXIT_CODE=2 exit 2 diff --git a/pipelines/harbor/pvcs.yaml b/pipelines/harbor/pvcs.yaml index 71a44f1..23a2241 100644 --- a/pipelines/harbor/pvcs.yaml +++ b/pipelines/harbor/pvcs.yaml @@ -48,8 +48,7 @@ spec: resources: requests: storage: 5Gi - storageClassName: "" - volumeName: harbor-database-pv + storageClassName: longhorn --- apiVersion: v1 kind: PersistentVolumeClaim diff --git a/pipelines/harbor/values.yaml b/pipelines/harbor/values.yaml index 5ed9f97..73d317c 100644 --- a/pipelines/harbor/values.yaml +++ b/pipelines/harbor/values.yaml @@ -16,13 +16,16 @@ expose: controller: default className: traefik annotations: - cert-manager.io/cluster-issuer: letsencrypt-prod + cert-manager.io/cluster-issuer: celestium-le-production traefik.ingress.kubernetes.io/router.entrypoints: websecure ingress.kubernetes.io/ssl-redirect: "true" ingress.kubernetes.io/proxy-body-size: "0" externalURL: https://registry.celestium.life +# Proxy CA cert for Squid SSL bump — required for proxy cache to reach Docker Hub/GHCR +caBundleSecretName: harbor-ca-bundle + # Initial admin password — change after first login harborAdminPassword: "St0nks0racl3!" @@ -51,7 +54,7 @@ persistence: existingClaim: harbor-redis-pvc size: 2Gi trivy: - existingClaim: harbor-trivy-pvc + storageClass: longhorn size: 5Gi # Trivy vulnerability scanner diff --git a/pipelines/pvs/harbor-pv.yaml b/pipelines/pvs/harbor-pv.yaml index 14df478..9c38c8f 100644 --- a/pipelines/pvs/harbor-pv.yaml +++ b/pipelines/pvs/harbor-pv.yaml @@ -20,23 +20,6 @@ spec: --- apiVersion: v1 kind: PersistentVolume -metadata: - name: harbor-database-pv - labels: - app: harbor - component: database -spec: - capacity: - storage: 5Gi - accessModes: - - ReadWriteOnce - persistentVolumeReclaimPolicy: Retain - nfs: - server: 192.168.42.8 - path: /volume1/Kubernetes/harbor/data/database ---- -apiVersion: v1 -kind: PersistentVolume metadata: name: harbor-redis-pv labels: