feat(platform): pin Odoo + postgres to mirror — fix rolling-tag regression
This commit is contained in:
OdooSky v3
40
values.yaml
40
values.yaml
@@ -74,29 +74,35 @@ sizes:
|
|||||||
filestore: 50Gi
|
filestore: 50Gi
|
||||||
database: 100Gi
|
database: 100Gi
|
||||||
|
|
||||||
# imageMirror — air-gap support (audit B.10). When `registry` is
|
# imageMirror — REQUIRED for production. Customer instances must pull
|
||||||
# set, the chart prepends it to .Values.odoo.image AND
|
# their Odoo + Postgres images from the OdooSky-controlled registry,
|
||||||
# .Values.postgres.image references at template-render time. So an
|
# never from Docker Hub directly. Three reasons:
|
||||||
# air-gapped customer pointing at e.g. registry.example.com/dh-mirror
|
|
||||||
# renders Odoo as registry.example.com/dh-mirror/odoo:18.0 instead
|
|
||||||
# of Docker Hub's docker.io/library/odoo:18.0. Addon images already
|
|
||||||
# pull from the cluster-local registry (registry.odoosky-system) by
|
|
||||||
# Tower's image-build pipeline; this block covers the upstream Odoo
|
|
||||||
# + Postgres images that bypass that pipeline.
|
|
||||||
#
|
#
|
||||||
# `pullSecret` names a K8s Secret in the instance namespace that
|
# 1. Determinism. Docker Hub's `odoo:18.0` is a rolling tag — every
|
||||||
# carries credentials for the mirror. Empty = anonymous pull (the
|
# pod restart picks up whatever the latest nightly is. The 2026-05-04
|
||||||
# default; Docker Hub's library images don't need auth).
|
# build shipped a SQL regression (now() - INTERVAL '15 minutes'
|
||||||
|
# string-quoted) that broke every login on every new pod. We pin
|
||||||
|
# to a specific date-stamped tag we tested.
|
||||||
|
# 2. Air-gap. Customers running disconnected clusters can't reach
|
||||||
|
# Docker Hub; they can reach our registry.
|
||||||
|
# 3. Rate-limit immunity. Docker Hub anonymous pulls cap at ~100/6h
|
||||||
|
# per IP. A cluster with 50 instances bouncing pods can hit that.
|
||||||
#
|
#
|
||||||
# Default empty = same behaviour as before this addition — Odoo +
|
# Pinned tags are tracked in the `odoo-tower/odoosky-odoo` Gitea repo
|
||||||
# Postgres images come from Docker Hub.
|
# (versions.yaml). Bumping that repo + this file is the GitOps path
|
||||||
|
# for Odoo image updates. See the bump policy in odoosky-odoo/README.md.
|
||||||
imageMirror:
|
imageMirror:
|
||||||
registry: ""
|
registry: "registry.odoosky.cloud/odoosky/docker-mirror"
|
||||||
pullSecret: ""
|
# pullSecret — name of a Secret in the instance namespace carrying
|
||||||
|
# registry credentials. Provisioned per-cluster by cluster-platform-v3.
|
||||||
|
pullSecret: "docker-mirror-pull"
|
||||||
|
|
||||||
odoo:
|
odoo:
|
||||||
image: odoo
|
image: odoo
|
||||||
tag: "18.0"
|
# Pinned to upstream nightly. NEVER use rolling tags (18.0, 17.0, 16.0).
|
||||||
|
# See odoo-tower/odoosky-odoo/versions.yaml for the canonical list and
|
||||||
|
# the bump procedure.
|
||||||
|
tag: "18.0-20260421"
|
||||||
# Filestore PVC size (Odoo's /var/lib/odoo).
|
# Filestore PVC size (Odoo's /var/lib/odoo).
|
||||||
filestoreSize: 10Gi
|
filestoreSize: 10Gi
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user