diff --git a/charts/collab/Chart.yaml b/charts/collab/Chart.yaml index 5483e7b..a03dbec 100644 --- a/charts/collab/Chart.yaml +++ b/charts/collab/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-collab description: CodeTogether Collab type: application -version: 1.2.4 +version: 1.2.5 appVersion: "2025.1.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/collab/templates/deployment.yaml b/charts/collab/templates/deployment.yaml index c5f8342..ff2fde7 100644 --- a/charts/collab/templates/deployment.yaml +++ b/charts/collab/templates/deployment.yaml @@ -194,10 +194,6 @@ spec: name: codetogether-runtime - mountPath: /tmp name: codetogether-tmp - - mountPath: /var/log/nginx - name: codetogether-runtime - - mountPath: /var/cache/nginx - name: codetogether-runtime {{- if .Values.favicon.enabled }} - mountPath: /opt/volatile-template/nginx/favicon.ico name: favicon-volume @@ -248,13 +244,13 @@ spec: resources: {{- toYaml .Values.resources | nindent 12 }} + {{- if .Values.securityContext.readOnlyRootFilesystem}} volumes: - name: codetogether-runtime emptyDir: {} - name: codetogether-tmp - emptyDir: - medium: Memory + emptyDir: {} {{- else if .Values.favicon.enabled }} volumes: - name: favicon-volume diff --git a/charts/collab/values.yaml b/charts/collab/values.yaml index 45f712c..2f729e8 100644 --- a/charts/collab/values.yaml +++ b/charts/collab/values.yaml @@ -217,7 +217,8 @@ securityContext: {} #defaults # - ALL # readOnlyRootFilesystem: true # enable for read-only setup # runAsNonRoot: true - # runAsUser: 0 # Use '0' for root user for read-only setup + # runAsUser: 1000 # Use '0' for root user, in vanilla k8s you can use any non-root uid + # In openshift, dont set runAsUser, let OpenShift assign the values readinessProbe: initialDelaySeconds: 60 diff --git a/charts/intel/Chart.yaml b/charts/intel/Chart.yaml index 72f3c89..885e7d8 100644 --- a/charts/intel/Chart.yaml +++ b/charts/intel/Chart.yaml @@ -3,7 +3,7 @@ name: codetogether-intel description: CodeTogether Intel provides advanced project insights for developers type: application -version: 1.2.7 +version: 1.2.8 appVersion: "2025.3.0" icon: https://www.codetogether.com/wp-content/uploads/2020/02/codetogether-circle-128.png diff --git a/charts/intel/templates/deployment.yaml b/charts/intel/templates/deployment.yaml index e3fd996..e6325a2 100644 --- a/charts/intel/templates/deployment.yaml +++ b/charts/intel/templates/deployment.yaml @@ -87,6 +87,10 @@ spec: {{ else }} {{ .Values.ai.url | quote }} {{ end }} + {{- if .Values.codetogether.customClientsUrl }} + - name: CT_CUSTOM_CLIENTS_ORIGIN + value: {{ .Values.codetogether.customClientsUrl | quote }} + {{- end }} - name: CT_HQ_OLLAMA_AI_MODEL_NAME value: {{ .Values.ai.modelName | default "gemma3:1b" | quote }} - name: CT_HQ_OLLAMA_AI_API_KEY @@ -99,7 +103,6 @@ spec: key: apiKey {{- end }} {{- end }} -{{- if .Values.securityContext.readOnlyRootFilesystem }} volumeMounts: - name: properties-volume mountPath: /opt/codetogether/runtime/cthq.properties @@ -109,26 +112,6 @@ spec: mountPath: /etc/ssl/certs/java/cacerts subPath: cacerts {{- end }} - # Read-only root FS mounts - - mountPath: /run - name: codetogether-runtime - - mountPath: /tmp - name: codetogether-tmp - - mountPath: /var/log/nginx - name: codetogether-runtime - - mountPath: /var/cache/nginx - name: codetogether-runtime -{{- else }} - volumeMounts: - - name: properties-volume - mountPath: /opt/codetogether/runtime/cthq.properties - subPath: cthq.properties - {{- if .Values.java.customCacerts.enabled }} - - name: java-cacerts - mountPath: /etc/ssl/certs/java/cacerts - subPath: cacerts - {{- end }} -{{- end }} ports: - name: http containerPort: 1080 @@ -177,14 +160,6 @@ spec: secret: secretName: {{ .Values.java.customCacerts.cacertsSecretName }} {{- end }} -{{- if .Values.securityContext.readOnlyRootFilesystem }} - - name: codetogether-runtime - emptyDir: {} - - name: codetogether-tmp - emptyDir: - medium: Memory -{{- end }} - {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/intel/values.yaml b/charts/intel/values.yaml index 0405873..bb4c418 100644 --- a/charts/intel/values.yaml +++ b/charts/intel/values.yaml @@ -39,6 +39,7 @@ imageCredentials: codetogether: url: https:// trustAllCerts: false # Set to 'true' to trust all certificates + # customClientsUrl: "" # Optional custom URL for clients to download from hqproperties: @@ -132,14 +133,14 @@ serviceAccount: podAnnotations: {} -securityContext: {} #defaults to - +securityContext: {} #defaults # capabilities: # drop: # - ALL - #readOnlyRootFilesystem: true # enable for read-only setup - # runAsNonRoot: true # false for non-root user - # runAsUser: 0 # Use '0' for root user for read-only setup + # readOnlyRootFilesystem: true # enable for read-only setup + # runAsNonRoot: true + # runAsUser: 1000 # Use '0' for root user + # In openshift, dont set runAsUser, let OpenShift assign the values ai: enabled: false diff --git a/compose/.env-template b/compose/.env-template index 502b43d..4082c18 100644 --- a/compose/.env-template +++ b/compose/.env-template @@ -55,3 +55,6 @@ DHPARAM_PEM=dhparam.pem # Enable “to trust all certificates” CT_TRUST_ALL_CERTS=false +# Uncomment and set the following variable to enable custom IDE clients location +# CT_CUSTOM_CLIENTS_ORIGIN= +