From 3eaa6381db9722d633331d4501f92a57ba5c9ed3 Mon Sep 17 00:00:00 2001
From: OdooSky v3
Date: Wed, 6 May 2026 11:57:49 +0200
Subject: [PATCH] =?UTF-8?q?feat(platform):=20pin=20Odoo=20+=20postgres=20t?= =?UTF-8?q?o=20mirror=20=E2=80=94=20fix=20rolling-tag=20regression?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 values.yaml | 40 +++++++++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 17 deletions(-)
diff --git a/values.yaml b/values.yaml
index 89a7d7f..da2c126 100644
--- a/values.yaml
+++ b/values.yaml
@@ -74,29 +74,35 @@ sizes:
 filestore: 50Gi
 database: 100Gi
-# imageMirror — air-gap support (audit B.10). When `registry` is
-# set, the chart prepends it to .Values.odoo.image AND
-# .Values.postgres.image references at template-render time. So an
-# air-gapped customer pointing at e.g. registry.example.com/dh-mirror
-# renders Odoo as registry.example.com/dh-mirror/odoo:18.0 instead
-# of Docker Hub's docker.io/library/odoo:18.0. Addon images already
-# pull from the cluster-local registry (registry.odoosky-system) by
-# Tower's image-build pipeline; this block covers the upstream Odoo
-# + Postgres images that bypass that pipeline.
+# imageMirror — REQUIRED for production. Customer instances must pull
+# their Odoo + Postgres images from the OdooSky-controlled registry,
+# never from Docker Hub directly. Three reasons:
 #
-# `pullSecret` names a K8s Secret in the instance namespace that
-# carries credentials for the mirror. Empty = anonymous pull (the
-# default; Docker Hub's library images don't need auth).
+# 1. Determinism. Docker Hub's `odoo:18.0` is a rolling tag — every
+# pod restart picks up whatever the latest nightly is. The 2026-05-04
+# build shipped a SQL regression (now() - INTERVAL '15 minutes'
+# string-quoted) that broke every login on every new pod. We pin
+# to a specific date-stamped tag we tested.
+# 2. Air-gap. Customers running disconnected clusters can't reach
+# Docker Hub; they can reach our registry.
+# 3. Rate-limit immunity. Docker Hub anonymous pulls cap at ~100/6h
+# per IP. A cluster with 50 instances bouncing pods can hit that.
 #
-# Default empty = same behaviour as before this addition — Odoo +
-# Postgres images come from Docker Hub.
+# Pinned tags are tracked in the `odoo-tower/odoosky-odoo` Gitea repo
+# (versions.yaml). Bumping that repo + this file is the GitOps path
+# for Odoo image updates. See the bump policy in odoosky-odoo/README.md.
 imageMirror:
- registry: ""
- pullSecret: ""
+ registry: "registry.odoosky.cloud/odoosky/docker-mirror"
+ # pullSecret — name of a Secret in the instance namespace carrying
+ # registry credentials. Provisioned per-cluster by cluster-platform-v3.
+ pullSecret: "docker-mirror-pull"
 odoo:
 image: odoo
- tag: "18.0"
+ # Pinned to upstream nightly. NEVER use rolling tags (18.0, 17.0, 16.0).
+ # See odoo-tower/odoosky-odoo/versions.yaml for the canonical list and
+ # the bump procedure.
+ tag: "18.0-20260421"
 # Filestore PVC size (Odoo's /var/lib/odoo).
 filestoreSize: 10Gi
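Review bot: The pin at `tag: "18.0-20260421"` under `odoo:` is still a mutable tag, so the determinism argument in the new comment holds only as long as nobody re-pushes that tag on the mirror. Consider pinning by digest as well, e.g. `tag: "18.0-20260421@sha256:<DIGEST_PLACEHOLDER>"` if the image template simply joins image and tag (the template is not visible in this hunk), or enforce tag immutability on the mirror registry and say so in the comment. Separately, `registry` and `pullSecret` no longer default to empty, so an install where the `docker-mirror-pull` Secret is missing from the instance namespace will presumably fail to pull. The new comment says the Secret is provisioned per-cluster while it has to exist in each instance namespace, which is worth spelling out. The hunk shows no Postgres tag, so whether that image is also pinned cannot be confirmed from here.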