GitHook controller was generating a Deployment without any persistent
storage — only a ConfigMap volume at /config. The worker needs /data to
access repo storage paths (APP_REPOS_ROOT defaults to /data/repos).
Changes:
- GitHookSpec: added storage_size field (default 10Gi), matching the
pattern already used by GitServerSpec
- git_hook.rs reconcile(): now creates a PVC ({name}-data) before the
Deployment, mounts it at /data, and sets APP_REPOS_ROOT=/data/repos
- git-hook-crd.yaml: synced storageSize field into the CRD schema
The git-hook worker needs /data to access repo storage paths, but the
deployment defined the shared-data PVC volume at pod level without
attaching it to the container via volumeMounts. Added the missing
volumeMounts block (name: shared-data, mountPath: /data) so the PVC is
properly mounted into the git-hook container, consistent with app and
static deployments.
validate_origin() only allowed localhost origins by default, causing
production WebSocket connections to be rejected. Now it reads
APP_DOMAIN_URL and APP_STATIC_DOMAIN from env and automatically
adds their http/https/ws/wss variants to the allowed origins list.
Also add APP_DOMAIN_URL to the production configmap.
Without a shared cookie signing key, each pod generates a random key on
startup. Requests that hit different pods fail session validation, causing
CaptchaError when the captcha and login requests route to different pods.
- Add procps to git-hook and email-worker Dockerfiles (provides pgrep)
- Change all exec probes from pgrep to kill -0 1 (more reliable, bash built-in)
- Add startupProbe to gitserver with 30 failure threshold (5min max startup time)
- Increase gitserver liveness initialDelay to 30s for slower SSH init
ConfigMap was removed from Helm chart (managed externally).
Secret contains all required env vars (APP_DATABASE_URL, APP_REDIS_URL,
SMTP credentials, SSH domain/key, etc.) and is always rendered
(helm.sh/resource-policy: keep prevents deletion on upgrade).
Also add APP_SSH_PORT and APP_SSH_SERVER_PRIVATE_KEY to secret template.
Replace individual configMapKeyRef env vars with envFrom + configMapRef
to inject the full ConfigMap, plus minimal env blocks for static values.
Also remove resources block from operator deployment (K8s schema validation).
