feat(platform): pin Odoo + postgres to mirror — fix rolling-tag regression
This commit is contained in:
OdooSky v3
40
values.yaml
40
values.yaml
@@ -74,29 +74,35 @@ sizes:
|
||||
filestore: 50Gi
|
||||
database: 100Gi
|
||||
|
||||
# imageMirror — air-gap support (audit B.10). When `registry` is
|
||||
# set, the chart prepends it to .Values.odoo.image AND
|
||||
# .Values.postgres.image references at template-render time. So an
|
||||
# air-gapped customer pointing at e.g. registry.example.com/dh-mirror
|
||||
# renders Odoo as registry.example.com/dh-mirror/odoo:18.0 instead
|
||||
# of Docker Hub's docker.io/library/odoo:18.0. Addon images already
|
||||
# pull from the cluster-local registry (registry.odoosky-system) by
|
||||
# Tower's image-build pipeline; this block covers the upstream Odoo
|
||||
# + Postgres images that bypass that pipeline.
|
||||
# imageMirror — REQUIRED for production. Customer instances must pull
|
||||
# their Odoo + Postgres images from the OdooSky-controlled registry,
|
||||
# never from Docker Hub directly. Three reasons:
|
||||
#
|
||||
# `pullSecret` names a K8s Secret in the instance namespace that
|
||||
# carries credentials for the mirror. Empty = anonymous pull (the
|
||||
# default; Docker Hub's library images don't need auth).
|
||||
# 1. Determinism. Docker Hub's `odoo:18.0` is a rolling tag — every
|
||||
# pod restart picks up whatever the latest nightly is. The 2026-05-04
|
||||
# build shipped a SQL regression (now() - INTERVAL '15 minutes'
|
||||
# string-quoted) that broke every login on every new pod. We pin
|
||||
# to a specific date-stamped tag we tested.
|
||||
# 2. Air-gap. Customers running disconnected clusters can't reach
|
||||
# Docker Hub; they can reach our registry.
|
||||
# 3. Rate-limit immunity. Docker Hub anonymous pulls cap at ~100/6h
|
||||
# per IP. A cluster with 50 instances bouncing pods can hit that.
|
||||
#
|
||||
# Default empty = same behaviour as before this addition — Odoo +
|
||||
# Postgres images come from Docker Hub.
|
||||
# Pinned tags are tracked in the `odoo-tower/odoosky-odoo` Gitea repo
|
||||
# (versions.yaml). Bumping that repo + this file is the GitOps path
|
||||
# for Odoo image updates. See the bump policy in odoosky-odoo/README.md.
|
||||
imageMirror:
|
||||
registry: ""
|
||||
pullSecret: ""
|
||||
registry: "registry.odoosky.cloud/odoosky/docker-mirror"
|
||||
# pullSecret — name of a Secret in the instance namespace carrying
|
||||
# registry credentials. Provisioned per-cluster by cluster-platform-v3.
|
||||
pullSecret: "docker-mirror-pull"
|
||||
|
||||
odoo:
|
||||
image: odoo
|
||||
tag: "18.0"
|
||||
# Pinned to upstream nightly. NEVER use rolling tags (18.0, 17.0, 16.0).
|
||||
# See odoo-tower/odoosky-odoo/versions.yaml for the canonical list and
|
||||
# the bump procedure.
|
||||
tag: "18.0-20260421"
|
||||
# Filestore PVC size (Odoo's /var/lib/odoo).
|
||||
filestoreSize: 10Gi
|
||||
|
||||
|
||||
Reference in New Issue
Block a user