improvement(helm): enhance copilot chart with HA support and validation

waleed · waleed · commit feae33e00da0 · 2025-11-08T17:19:18.000-08:00
diff --git a/helm/sim/examples/values-copilot.yaml b/helm/sim/examples/values-copilot.yaml
@@ -38,6 +38,10 @@ copilot:
       SIM_BASE_URL: "https://sim.example.com"  # Base URL for Sim deployment
       SIM_AGENT_API_KEY: ""                    # Must match SIM-side COPILOT_API_KEY
       REDIS_URL: "redis://default:password@redis:6379"
+      # Optional configuration
+      LOG_LEVEL: "info"
+      CORS_ALLOWED_ORIGINS: "https://sim.example.com"
+      OTEL_EXPORTER_OTLP_ENDPOINT: ""
     
     # Create a Secret from the values above. Set create=false to reference an existing secret instead.
     secret:
diff --git a/helm/sim/templates/_helpers.tpl b/helm/sim/templates/_helpers.tpl
@@ -355,7 +355,11 @@ Validate Copilot configuration
       {{- fail "Set at least one of copilot.server.env.OPENAI_API_KEY_1 or copilot.server.env.ANTHROPIC_API_KEY_1" -}}
     {{- end -}}
   {{- end -}}
-  {{- if not .Values.copilot.postgresql.enabled -}}
+  {{- if .Values.copilot.postgresql.enabled -}}
+    {{- if or (not .Values.copilot.postgresql.auth.password) (eq .Values.copilot.postgresql.auth.password "") -}}
+      {{- fail "copilot.postgresql.auth.password is required when copilot.postgresql.enabled=true" -}}
+    {{- end -}}
+  {{- else -}}
     {{- if and (or (not .Values.copilot.database.existingSecretName) (eq .Values.copilot.database.existingSecretName "")) (or (not .Values.copilot.database.url) (eq .Values.copilot.database.url "")) -}}
       {{- fail "Provide copilot.database.existingSecretName or copilot.database.url when copilot.postgresql.enabled=false" -}}
     {{- end -}}
diff --git a/helm/sim/templates/job-copilot-migrations.yaml b/helm/sim/templates/job-copilot-migrations.yaml
@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/component: copilot-migrations
   annotations:
     "helm.sh/hook": post-install,post-upgrade
-    "helm.sh/hook-weight": "1"
+    "helm.sh/hook-weight": "-5"
     "helm.sh/hook-delete-policy": before-hook-creation
 spec:
   backoffLimit: {{ .Values.copilot.migrations.backoffLimit }}
diff --git a/helm/sim/templates/poddisruptionbudget.yaml b/helm/sim/templates/poddisruptionbudget.yaml
@@ -50,3 +50,32 @@ spec:
       {{- include "sim.realtime.selectorLabels" $ | nindent 6 }}
 {{- end }}
 {{- end }}
+{{- if and .Values.copilot.enabled .Values.copilot.server.podDisruptionBudget.enabled }}
+{{- with .Values.copilot.server.podDisruptionBudget }}
+---
+apiVersion: policy/v1
+kind: PodDisruptionBudget
+metadata:
+  name: {{ include "sim.fullname" $ }}-copilot-pdb
+  namespace: {{ $.Release.Namespace }}
+  labels:
+    {{- include "sim.labels" $ | nindent 4 }}
+    app.kubernetes.io/component: copilot
+spec:
+  {{- if .minAvailable }}
+  minAvailable: {{ .minAvailable }}
+  {{- else if .maxUnavailable }}
+  maxUnavailable: {{ .maxUnavailable }}
+  {{- else }}
+  maxUnavailable: 1
+  {{- end }}
+  {{- if .unhealthyPodEvictionPolicy }}
+  unhealthyPodEvictionPolicy: {{ .unhealthyPodEvictionPolicy }}
+  {{- end }}
+  selector:
+    matchLabels:
+      app.kubernetes.io/name: {{ include "sim.name" $ }}
+      app.kubernetes.io/instance: {{ $.Release.Name }}
+      app.kubernetes.io/component: copilot
+{{- end }}
+{{- end }}
diff --git a/helm/sim/values.schema.json b/helm/sim/values.schema.json
@@ -726,6 +726,23 @@
                 "port": { "type": "integer" },
                 "targetPort": { "type": "integer" }
               }
+            },
+            "podDisruptionBudget": {
+              "type": "object",
+              "properties": {
+                "enabled": {
+                  "type": "boolean",
+                  "description": "Enable PodDisruptionBudget for Copilot server"
+                },
+                "minAvailable": {
+                  "type": "integer",
+                  "description": "Minimum number of available pods"
+                },
+                "maxUnavailable": {
+                  "type": "integer",
+                  "description": "Maximum number of unavailable pods"
+                }
+              }
             }
           }
         },
@@ -836,6 +853,27 @@
             }
           }
         },
+        "copilot": {
+          "type": "object",
+          "properties": {
+            "host": {
+              "type": "string",
+              "format": "hostname",
+              "description": "Copilot service hostname"
+            },
+            "paths": {
+              "type": "array",
+              "items": {
+                "type": "object",
+                "properties": {
+                  "path": { "type": "string" },
+                  "pathType": { "type": "string" }
+                }
+              },
+              "description": "Ingress paths for Copilot service"
+            }
+          }
+        },
         "tls": {
           "type": "object",
           "properties": {
diff --git a/helm/sim/values.yaml b/helm/sim/values.yaml
@@ -798,6 +798,10 @@ copilot:
       SIM_BASE_URL: ""
       SIM_AGENT_API_KEY: ""
       REDIS_URL: ""
+      # Optional configuration
+      LOG_LEVEL: "info"
+      CORS_ALLOWED_ORIGINS: ""
+      OTEL_EXPORTER_OTLP_ENDPOINT: ""
     
     # Optional: additional static environment variables
     extraEnv: []
@@ -835,7 +839,12 @@ copilot:
       periodSeconds: 30
       timeoutSeconds: 5
       failureThreshold: 3
-  
+
+    # Pod Disruption Budget for high availability
+    podDisruptionBudget:
+      enabled: false
+      minAvailable: 1
+
   # PostgreSQL database for copilot (separate from main Sim database)
   postgresql:
     # Enable/disable internal PostgreSQL for copilot
