feat: [PIDM-504] update deploy config

[dylantangredi-jakala]

List of Changes

• upgraded helm chart to v8.0.2
• added rolling update strategy (maxUnavailable, maxSurge)
• overridden deployment replicas to match HPA minReplica config

NOTE: upgraded in

• DEV -> OK
• UAT -> TODO
• PROD -> TODO

Motivation and Context

This upgrade was required to address an issue with the rollout strategy and the autoscaler behaviour, where the pods would scale down to 1 during deploy instead of keeping the same number of pods and doing +1 -1 to avoid traffic congestion. Also replicas are set to match the autoscaling config during deploy, to avoid starting the service with 1 pod when there is relevant traffic on the service.
This also ensures zero-downtime deployments by keeping all existing pods running until new versions are healthy and ready, then replacing them one at a time.

How Has This Been Tested?

VERY IMPORTANT
The scripts needs to be adapted for every service and launched on each environment before actually upgrading through helm upgrade (ref. https://github.com/pagopa/aks-microservice-chart-blueprint/blob/main/scripts/migrate_from_v7_to_v8.sh)

❯ ../../../migrate_from_v7_to_v8.sh fdr-nodo-fdrnodo fdr-nodo fdr
scaledobject.keda.sh/fdr-nodo-fdrnodo not labeled
scaledobject.keda.sh/fdr-nodo-fdrnodo not labeled
scaledobject.keda.sh/fdr-nodo-fdrnodo annotated
scaledobject.keda.sh/fdr-nodo-fdrnodo annotated

❯ kubectl get scaledobject fdr-nodo-fdrnodo -n fdr -o json | jq '{
    labels: {
      "app.kubernetes.io/instance": .metadata.labels."app.kubernetes.io/instance",
      "app.kubernetes.io/managed-by": .metadata.labels."app.kubernetes.io/managed-by"
    },
    annotations: {
      "meta.helm.sh/release-name": .metadata.annotations."meta.helm.sh/release-name",
      "meta.helm.sh/release-namespace": .metadata.annotations."meta.helm.sh/release-namespace"
    }
  }'
{
  "labels": {
    "app.kubernetes.io/instance": "fdr-nodo",
    "app.kubernetes.io/managed-by": "Helm"
  },
  "annotations": {
    "meta.helm.sh/release-name": "fdr-nodo",
    "meta.helm.sh/release-namespace": "fdr"
  }
}

❯ helm upgrade --namespace fdr \
    --install --values ./values-dev.yaml \
    --set fdrnodo.azure.workloadIdentityClientId=xxxxx \
    --set fdrnodo.podAnnotations.force-rollout="rollout-$(date +%s)" \
    --set-file fdrnodo.configMapFromFile."config-app\.conf"=./config/config-app.conf \
    --set-file fdrnodo.configMapFromFile."logback\.xml"=./config/logback.xml \
    --wait --timeout 15m0s \
    fdr-nodo .
Release "fdr-nodo" has been upgraded. Happy Helming!
NAME: fdr-nodo
LAST DEPLOYED: Wed Oct 15 15:33:43 2025
NAMESPACE: fdr
STATUS: deployed
REVISION: 37
TEST SUITE: None

❯ kubectl get deployment fdr-nodo-fdrnodo -n fdr -o jsonpath='{.metadata.labels.helm\.sh/blueprint-version}'
8.0.2%

❯ kubectl get scaledobject fdr-nodo-fdrnodo -n fdr -o jsonpath='{.metadata.labels.helm\.sh/blueprint-version}'
7.5.0%

NOTE: still on 7.5.0 so we delete the scaled object and redeploy:

❯ kubectl delete scaledobject fdr-nodo-fdrnodo -n fdr
scaledobject.keda.sh "fdr-nodo-fdrnodo" deleted from fdr namespace

❯ helm upgrade --namespace fdr \
    --install --values ./values-dev.yaml \
    --set fdrnodo.azure.workloadIdentityClientId=xxxxx  \
    --set fdrnodo.podAnnotations.force-rollout="rollout-$(date +%s)" \
    --set-file fdrnodo.configMapFromFile."config-app\.conf"=./config/config-app.conf \
    --set-file fdrnodo.configMapFromFile."logback\.xml"=./config/logback.xml \
    --wait --timeout 15m0s \
    fdr-nodo .
Release "fdr-nodo" has been upgraded. Happy Helming!
NAME: fdr-nodo
LAST DEPLOYED: Wed Oct 15 15:37:58 2025
NAMESPACE: fdr
STATUS: deployed
REVISION: 38
TEST SUITE: None

❯ kubectl get scaledobject fdr-nodo-fdrnodo -n fdr -o jsonpath='{.metadata.labels.helm\.sh/blueprint-version}'
8.0.2%

Screenshots (if appropriate):

Types of changes

• Bug fix (non-breaking change which fixes an issue)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)

Checklist:

• My change requires a change to the documentation.
• I have updated the documentation accordingly.

[github-actions]

The default action is to increase the PATCH number of SEMVER. Set IGNORE-FOR-RELEASE if you want to skip SEMVER bump. BREAKING-CHANGE and NEW-RELEASE must be run from GH Actions section manually.

[github-actions]

The default action is to increase the PATCH number of SEMVER. Set IGNORE-FOR-RELEASE if you want to skip SEMVER bump. BREAKING-CHANGE and NEW-RELEASE must be run from GH Actions section manually.

[github-actions]

This pull request does not contain a valid label. Please add one of the following labels: [patch, ignore-for-release]

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Comment this PR with update_code to format the code. Consider to use pre-commit to format the code.