1 change: 1 addition & 0 deletions UPGRADE.md
Expand Up @@ -12,6 +12,7 @@

## Upgrade from v5.0.0 to v5.1.0

- cache warmup is now run as an init container instead of a `postStart` lifecycle hook ([#73](https://github.com/shopsys/deployment/pull/73))
- cron pod is now always deleted gracefully ([#72](https://github.com/shopsys/deployment/pull/72))
- health check for webserver now uses PHP-FPM `ping` endpoint instead of nginx `stub_status` ([#71](https://github.com/shopsys/deployment/pull/71))
- update the `/health` location block in `project-nginx.conf` in your project's `app/orchestration/kubernetes/configmap/nginx.yaml` file to pass the request to PHP-FPM:
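Review bot: The added `cache warmup` bullet states what changed but, unlike the `/health` bullet below it, gives the reader no upgrade action. For projects that override the webserver deployment manifest, say that the `postStart` warmup hook has to be removed and the `warmup` init container added, and that the container must keep the position the deploy script writes environment variables to.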
10 changes: 9 additions & 1 deletion deploy/parts/environment-variables.sh
Expand Up @@ -39,6 +39,14 @@ for key in "${!ENVIRONMENT_VARIABLES[@]}"; do
}
" "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml"

# Webserver PHP-FPM warmup container
yq e -i "
.spec.template.spec.initContainers[1].env[${ITERATOR}] = {
\"name\": \"${key}\",
\"value\": \"${ENVIRONMENT_VARIABLES[$key]}\"
Comment on lines +45 to +46
Copilot AI Apr 15, 2026

This yq edit interpolates ${key} / ${ENVIRONMENT_VARIABLES[$key]} directly into the expression instead of using strenv(...) like the other env injections above. This can break when values contain quotes/newlines/backslashes and also risks yq-expression injection via unescaped content. Prefer reusing YQ_KEY/YQ_VALUE with strenv() (consistent with the other blocks) so values are safely escaped.

Suggested change
\"name\": \"${key}\",
\"value\": \"${ENVIRONMENT_VARIABLES[$key]}\"
\"name\": strenv(YQ_KEY),
\"value\": strenv(YQ_VALUE)

Comment on lines +44 to +46
Copilot AI Apr 15, 2026

The script writes warmup env vars to .spec.template.spec.initContainers[1], which is brittle if initContainers are reordered or additional initContainers are added later (env vars could end up on the wrong container). Consider selecting the initContainer by name (e.g., matching name == "warmup") rather than relying on a fixed index.

Suggested change
.spec.template.spec.initContainers[1].env[${ITERATOR}] = {
\"name\": \"${key}\",
\"value\": \"${ENVIRONMENT_VARIABLES[$key]}\"
(.spec.template.spec.initContainers[] | select(.name == \"warmup\")).env[${ITERATOR}] = {
\"name\": strenv(YQ_KEY),
\"value\": strenv(YQ_VALUE)

}
" "${CONFIGURATION_TARGET_PATH}/deployments/webserver-php-fpm.yaml"

# Cron deployment
yq e -i "
.spec.template.spec.containers[0].env[${ITERATOR}] = {
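Review bot: The two added lines `\"name\": \"${key}\"` and `\"value\": \"${ENVIRONMENT_VARIABLES[$key]}\"` place the raw variable content inside a yq string literal, so a value containing a double quote or backslash ends or alters that literal and the rest is parsed as yq expression against `webserver-php-fpm.yaml`. The values passing through here include `DATABASE_PASSWORD`, `S3_SECRET` and `APP_SECRET`, where such characters are common, and the result can be a silently wrong value rather than an error. The script unsets `YQ_KEY` and `YQ_VALUE` at its end, so those variables are already available: read them with `strenv(YQ_KEY)` and `strenv(YQ_VALUE)` here, and select the container with `select(.name == \"warmup\")` instead of `initContainers[1]`.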
Expand Down Expand Up @@ -145,4 +153,4 @@ yq e -i "
unset YQ_KEY
unset YQ_VALUE

echo -e "[${GREEN}OK${NO_COLOR}]"
echo -e "[${GREEN}OK${NO_COLOR}]"
12 changes: 9 additions & 3 deletions kubernetes/deployments/webserver-php-fpm.yaml
Expand Up @@ -83,15 +83,21 @@ spec:
- name: domains-urls
mountPath: /var/www/html/{{DOMAINS_URLS_FILEPATH}}
subPath: "{{DOMAINS_URLS_FILENAME}}"
- name: warmup
image: "{{TAG}}"
command: ["/var/www/html/phing", "-S", "warmup"]
volumeMounts:
- name: source-codes
mountPath: /var/www/html
- name: domains-urls
mountPath: /var/www/html/{{DOMAINS_URLS_FILEPATH}}
subPath: "{{DOMAINS_URLS_FILENAME}}"
Comment on lines +86 to +94
Copilot AI Apr 15, 2026

The warmup initContainer runs phing but doesn’t set workingDir. Elsewhere in this repo, containers that run phing explicitly set workingDir: /var/www/html (e.g., cron.yaml) or cd /var/www/html before invoking it, which suggests phing depends on the CWD to find the build file. Consider setting workingDir: /var/www/html for this initContainer (or wrapping the command with a cd) to avoid initContainer failures and pods stuck in Init state.

containers:
- image: "{{TAG}}"
name: php-fpm
imagePullPolicy: IfNotPresent
workingDir: /var/www/html
lifecycle:
postStart:
exec:
command: ["/var/www/html/phing", "-S", "warmup"]
preStop:
exec:
command: ["/bin/sh","-lc","sleep 10; kill -QUIT 1 || true"]
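Review bot: The added `warmup` init container sets only `name`, `image`, `command` and `volumeMounts`, while the `php-fpm` container that runs the same `{{TAG}}` image also sets `imagePullPolicy: IfNotPresent`. Set `imagePullPolicy` on `warmup` too so both containers resolve the image the same way. The entry also declares no `env`, because `deploy/parts/environment-variables.sh` injects it by position; add a short comment here saying so, since reordering the init containers would move the variables to another container.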
53 changes: 47 additions & 6 deletions tests/scenarios/basic-production/expected/webserver.yaml
Expand Up @@ -741,12 +741,6 @@ spec:
image: v1.0.0
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command:
- /var/www/html/phing
- -S
- warmup
preStop:
exec:
command:
Expand Down Expand Up @@ -854,6 +848,53 @@ spec:
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
- command:
- /var/www/html/phing
- -S
- warmup
env:
- name: ELASTICSEARCH_HOST
value: http://elasticsearch:9200
- name: TRUSTED_PROXY
value: 10.0.0.0/8
- name: DATABASE_NAME
value: myproject-production
- name: S3_ENDPOINT
value: https://s3.example.com
- name: MAILER_FORCE_WHITELIST
value: "false"
- name: DATABASE_USER
value: myproject-production
- name: DATABASE_PORT
value: "5432"
- name: MESSENGER_TRANSPORT_DSN
value: amqp://guest:guest@rabbitmq:5672/%2f/messages
- name: REDIS_PREFIX
value: myproject-production
- name: DATABASE_PASSWORD
value: test-db-password
- name: DATABASE_HOST
value: 10.0.0.100
- name: ELASTIC_SEARCH_INDEX_PREFIX
value: myproject-production
- name: S3_SECRET
value: test-s3-secret
- name: MAILER_DSN
value: smtp://mailhog:1025
- name: S3_BUCKET_NAME
value: myproject-production
- name: S3_ACCESS_KEY
value: myproject-production
- name: APP_SECRET
value: test-app-secret-key
image: v1.0.0
name: warmup
volumeMounts:
- mountPath: /var/www/html
name: source-codes
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
terminationGracePeriodSeconds: 120
volumes:
- emptyDir: {}
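Review bot: In the added `warmup` entry, `DATABASE_PASSWORD`, `S3_SECRET` and `APP_SECRET` are rendered as literal `value:` strings, so anyone who can read the Deployment object can read them from the init container spec. Confirm that the warmup step needs the full variable set (for example `MAILER_DSN` and the S3 keys); if it does not, inject only what it uses, and consider `valueFrom.secretKeyRef` for the credential entries.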
53 changes: 47 additions & 6 deletions tests/scenarios/development-single-domain/expected/webserver.yaml
Expand Up @@ -735,12 +735,6 @@ spec:
image: dev-latest
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command:
- /var/www/html/phing
- -S
- warmup
preStop:
exec:
command:
Expand Down Expand Up @@ -848,6 +842,53 @@ spec:
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
- command:
- /var/www/html/phing
- -S
- warmup
env:
- name: ELASTICSEARCH_HOST
value: http://elasticsearch:9200
- name: TRUSTED_PROXY
value: 10.0.0.0/8
- name: DATABASE_NAME
value: myproject-dev
- name: S3_ENDPOINT
value: https://s3.example.com
- name: MAILER_FORCE_WHITELIST
value: "true"
- name: DATABASE_USER
value: myproject-dev
- name: DATABASE_PORT
value: "5432"
- name: MESSENGER_TRANSPORT_DSN
value: amqp://guest:guest@rabbitmq:5672/%2f/messages
- name: REDIS_PREFIX
value: myproject-dev
- name: DATABASE_PASSWORD
value: test-db-password
- name: DATABASE_HOST
value: 10.0.0.100
- name: ELASTIC_SEARCH_INDEX_PREFIX
value: myproject-dev
- name: S3_SECRET
value: test-s3-secret
- name: MAILER_DSN
value: smtp://mailhog:1025
- name: S3_BUCKET_NAME
value: myproject-dev
- name: S3_ACCESS_KEY
value: myproject-dev
- name: APP_SECRET
value: test-app-secret-key
image: dev-latest
name: warmup
volumeMounts:
- mountPath: /var/www/html
name: source-codes
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
terminationGracePeriodSeconds: 120
volumes:
- emptyDir: {}
55 changes: 49 additions & 6 deletions tests/scenarios/escaping-env/expected/webserver.yaml
Expand Up @@ -748,12 +748,6 @@ spec:
image: v1.0.0
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command:
- /var/www/html/phing
- -S
- warmup
preStop:
exec:
command:
Expand Down Expand Up @@ -861,6 +855,55 @@ spec:
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
- command:
- /var/www/html/phing
- -S
- warmup
env:
- name: ELASTICSEARCH_HOST
value: http://elasticsearch:9200
- name: TRUSTED_PROXY
value: 10.0.0.0/8
- name: DATABASE_NAME
value: myproject-production
- name: S3_ENDPOINT
value: https://s3.example.com
- name: MAILER_FORCE_WHITELIST
value: "false"
- name: DATABASE_USER
value: myproject-production
- name: DATABASE_PORT
value: "5432"
- name: MESSENGER_TRANSPORT_DSN
value: amqp://guest:guest@rabbitmq:5672/%2f/messages
- name: REDIS_PREFIX
value: myproject-production
- name: DATABASE_PASSWORD
value: test-db-password
- name: DATABASE_HOST
value: 10.0.0.100
- name: ELASTIC_SEARCH_INDEX_PREFIX
value: myproject-production
- name: SENTRY_RELEASE
value: "479411e7"
- name: S3_SECRET
value: test-s3-secret
- name: MAILER_DSN
value: smtp://mailhog:1025
- name: S3_BUCKET_NAME
value: myproject-production
- name: S3_ACCESS_KEY
value: myproject-production
- name: APP_SECRET
value: test-app-secret-key
image: v1.0.0
name: warmup
volumeMounts:
- mountPath: /var/www/html
name: source-codes
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
terminationGracePeriodSeconds: 120
volumes:
- emptyDir: {}
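Review bot: The `warmup` env block in this escaping scenario covers only type-ambiguous strings (`"false"`, `"5432"`, `"479411e7"`); no value contains a double quote, backslash or newline. The warmup block in `deploy/parts/environment-variables.sh` builds its yq expression by string interpolation, so add a value with those characters to the scenario input and to this expected file, otherwise a mis-escaped or truncated value in the init container would pass the test.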
53 changes: 47 additions & 6 deletions tests/scenarios/production-with-cloudflare/expected/webserver.yaml
Expand Up @@ -742,12 +742,6 @@ spec:
image: v2.5.0
imagePullPolicy: IfNotPresent
lifecycle:
postStart:
exec:
command:
- /var/www/html/phing
- -S
- warmup
preStop:
exec:
command:
Expand Down Expand Up @@ -855,6 +849,53 @@ spec:
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
- command:
- /var/www/html/phing
- -S
- warmup
env:
- name: ELASTICSEARCH_HOST
value: http://elasticsearch:9200
- name: TRUSTED_PROXY
value: 10.0.0.0/8
- name: DATABASE_NAME
value: shop-production
- name: S3_ENDPOINT
value: https://s3.example.com
- name: MAILER_FORCE_WHITELIST
value: "false"
- name: DATABASE_USER
value: shop-production
- name: DATABASE_PORT
value: "5432"
- name: MESSENGER_TRANSPORT_DSN
value: amqp://guest:guest@rabbitmq:5672/%2f/messages
- name: REDIS_PREFIX
value: shop-production
- name: DATABASE_PASSWORD
value: test-db-password
- name: DATABASE_HOST
value: 10.0.0.100
- name: ELASTIC_SEARCH_INDEX_PREFIX
value: shop-production
- name: S3_SECRET
value: test-s3-secret
- name: MAILER_DSN
value: smtp://mailhog:1025
- name: S3_BUCKET_NAME
value: shop-production
- name: S3_ACCESS_KEY
value: shop-production
- name: APP_SECRET
value: test-app-secret-key
image: v2.5.0
name: warmup
volumeMounts:
- mountPath: /var/www/html
name: source-codes
- mountPath: /var/www/html/config/domains_urls.yaml
name: domains-urls
subPath: domains_urls.yaml
terminationGracePeriodSeconds: 120
volumes:
- emptyDir: {}