Merge pull request #5 from innovatrics/feature/self-managed-pgsql

Feature/self managed pgsql

CHANGELOG.md

@@ -5,9 +5,12 @@
 ### Added
 - Support for using [minio subchart](https://github.com/bitnami/charts/tree/main/bitnami/minio) in place of S3 bucket
   - This is now default behavior of the helm chart
+- Support for using [postgresql subchart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) in place of externally managed PgSQL instance
+  - This is now default behavior of the helm chart
 
 ### Breaking change
 - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3`
+- Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database`
 
 ## [v0.4.0]
 

Chart.lock

@@ -8,5 +8,8 @@ dependencies:
 - name: minio
   repository: oci://registry-1.docker.io/bitnamicharts
   version: 12.8.15
-digest: sha256:377f0abfb50bbc8665ab4176a9a24747d5bedc8604f4a867ab82006e8e3d2805
-generated: "2023-11-02T13:06:27.794117+01:00"
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 13.2.1
+digest: sha256:ee66b91ea3523af56af83032788c773f0fee056211a4c3d78f903ae135238099
+generated: "2023-11-06T15:07:48.932408+01:00"

Chart.yaml

@@ -15,6 +15,10 @@ dependencies:
     version: "12.8.15"
     repository: "oci://registry-1.docker.io/bitnamicharts"
     condition: minio.enabled
+  - name: postgresql
+    version: "13.2.1"
+    repository: "oci://registry-1.docker.io/bitnamicharts"
+    condition: postgresql.enabled
 
 type: application
 

README.md

@@ -17,23 +17,17 @@ helm install smartface oci://ghcr.io/innovatrics/sf-helm/smartface
 The helm chart needs certain objects to be present in the cluster before it can be installed. Refer to `external-config.yaml` for examples for the required objects:
 
 1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line)
-  - Get the credentials from [Customer portal](https://customerportal.innovatrics.com)
-  - The secret name must match `imagePullSecrets` value
-  - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials
+    - Get the credentials from [Customer portal](https://customerportal.innovatrics.com)
+    - The secret name must match `imagePullSecrets` value
+    - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials
+
 1. License file secret
-  - Get the license file from [Customer portal](https://customerportal.innovatrics.com)
-  - The secret name must match `license.secretName` value
-  - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file
-1. S3 bucket
-  - Create an S3 bucket
-  - Configure details of S3 bucket by supplying values to object `configurations.s3`
-1. pgsql server
-  - Create a PgSql server
-  - Create a Secret - see `external-config.yaml` for example
-  - Secret name must match `configurations.database.secretName` value
-  - key in the Secret must match `configurations.database.connectionStringKey` value
+    - Get the license file from [Customer portal](https://customerportal.innovatrics.com)
+    - The secret name must match `license.secretName` value
+    - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file
+
 1. Optionally [KEDA](https://keda.sh/) for autoscaling
-  - see `autoscaling.*` values for more info
+    - see `autoscaling.*` values for more info
 
 ## Ingress
 
@@ -45,6 +39,7 @@ By default an ingress object is created with the helm chart. To configure the in
 |------------|------|---------|
 | oci://ghcr.io/innovatrics/sf-helm | sf-tenant-operator | 0.2.0 |
 | oci://registry-1.docker.io/bitnamicharts | minio | 12.8.15 |
+| oci://registry-1.docker.io/bitnamicharts | postgresql | 13.2.1 |
 | oci://registry-1.docker.io/bitnamicharts | rabbitmq | 12.0.4 |
 
 All chart dependencies are optional and can be disabled and supplemented with other (for example cloud-based) alternatives
@@ -108,6 +103,26 @@ data:
   useBucketRegion: "true"
 ```
 
+### Postgresql
+To use externally managed PgSQL instance:
+- set `postgresql.enabled=false`
+- provide databse configuration:
+  - create a Secret - see `external-config.yaml` for example
+  - secret name must match `configurations.database.secretName` value
+  - key in the Secret must match `configurations.database.connectionStringKey` value
+  - see Sample objects for example
+
+#### Sample objects
+```
+apiVersion: v1
+stringData:
+  # supply pgsql server connection string - https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings
+  cs: "Server=<hostname>;Database=<db-name>;Username=<username>;Password=<password>;"
+kind: Secret
+metadata:
+  name: db-cs
+```
+
 ## Values
 
 | Key | Type | Default | Description |
@@ -439,6 +454,7 @@ data:
 | nameOverride | string | `nil` | Overrides the chart's name |
 | podAnnotations | object | `{}` | Common annotations for all pods |
 | podLabels | object | `{}` | Common labels for all pods |
+| postgresql | object | `{"enabled":true,"primary":{"initdb":{"scripts":{"create-database.sql":"CREATE DATABASE smartface"}}}}` | config for postgresql subchart, see https://github.com/bitnami/charts/tree/main/bitnami/postgresql |
 | rabbitmq | object | `{"auth":{"erlangCookie":"","existingSecretName":"","password":"","secretKey":"rabbitmq-password","username":"smartface"},"enabled":true,"extraPlugins":"rabbitmq_stream rabbitmq_stream_management rabbitmq_mqtt","mqttConfiguration":{"existingConfigMapName":"","hostname":"","port":1883,"useSsl":false,"username":""},"mqttPublicService":{"enabled":false,"mqttDnsHost":""},"rmqConfiguration":{"existingConfigMapName":"","hostname":"","port":5672,"streamsPort":5552,"useSsl":false,"username":""},"service":{"extraPorts":[{"name":"mqtt","port":1883,"targetPort":1883},{"name":"rmq-stream","port":5552,"targetPort":5552}]}}` | config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq |
 | rabbitmq.auth.erlangCookie | string | `""` | used by subchart |
 | rabbitmq.auth.existingSecretName | string | `""` | supply to bring you own secret. The secret needs to contain rabbitmq password under the key with name defined in `rabbitmq.auth.secretKey` |
@@ -528,6 +544,7 @@ data:
 
 ### [v0.5.0]
 - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3`
+- Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database`
 
 ### [v0.4.0]
 - Changed default behavior for creating S3 configuration. If you like to continue managing the previously created S3 config map please use the `configurations.s3.existingConfigMapName` field. Otherwise the ConfigMap will be managed by the helm chart using the values provided in `configurations.s3`

README.md.gotmpl

@@ -18,23 +18,17 @@ helm install smartface oci://ghcr.io/innovatrics/sf-helm/smartface
 The helm chart needs certain objects to be present in the cluster before it can be installed. Refer to `external-config.yaml` for examples for the required objects:
 
 1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line)
-  - Get the credentials from [Customer portal](https://customerportal.innovatrics.com)
-  - The secret name must match `imagePullSecrets` value
-  - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials
+    - Get the credentials from [Customer portal](https://customerportal.innovatrics.com)
+    - The secret name must match `imagePullSecrets` value
+    - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials
+
 1. License file secret
-  - Get the license file from [Customer portal](https://customerportal.innovatrics.com)
-  - The secret name must match `license.secretName` value
-  - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file
-1. S3 bucket
-  - Create an S3 bucket
-  - Configure details of S3 bucket by supplying values to object `configurations.s3`
-1. pgsql server
-  - Create a PgSql server
-  - Create a Secret - see `external-config.yaml` for example
-  - Secret name must match `configurations.database.secretName` value
-  - key in the Secret must match `configurations.database.connectionStringKey` value
+    - Get the license file from [Customer portal](https://customerportal.innovatrics.com)
+    - The secret name must match `license.secretName` value
+    - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file
+
 1. Optionally [KEDA](https://keda.sh/) for autoscaling
-  - see `autoscaling.*` values for more info
+    - see `autoscaling.*` values for more info
 
 ## Ingress
 
@@ -103,6 +97,26 @@ data:
   useBucketRegion: "true"
 ```
 
+### Postgresql
+To use externally managed PgSQL instance:
+- set `postgresql.enabled=false`
+- provide databse configuration:
+  - create a Secret - see `external-config.yaml` for example
+  - secret name must match `configurations.database.secretName` value
+  - key in the Secret must match `configurations.database.connectionStringKey` value
+  - see Sample objects for example
+
+#### Sample objects
+```
+apiVersion: v1
+stringData:
+  # supply pgsql server connection string - https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings
+  cs: "Server=<hostname>;Database=<db-name>;Username=<username>;Password=<password>;"
+kind: Secret
+metadata:
+  name: db-cs
+```
+
 {{ template "chart.valuesSection" . }}
 
 {{ template "chart.maintainersSection" . }}
@@ -113,6 +127,7 @@ data:
 
 ### [v0.5.0]
 - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3`
+- Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database`
 
 ### [v0.4.0]
 - Changed default behavior for creating S3 configuration. If you like to continue managing the previously created S3 config map please use the `configurations.s3.existingConfigMapName` field. Otherwise the ConfigMap will be managed by the helm chart using the values provided in `configurations.s3`

external-config.yaml

@@ -21,10 +21,3 @@ kind: Secret
 metadata:
   name: iface-lic
 ---
-apiVersion: v1
-stringData:
-# supply pgsql server
-  cs: "Server=<hostname>;Database=<db-name>;Username=<username>;Password=<password>;"
-kind: Secret
-metadata:
-  name: db-cs

templates/_configurations.tpl

@@ -2,11 +2,27 @@
 Template used for adding database configuration to containers
 */}}
 {{- define "smartface.dbConfig" -}}
+{{- if .Values.postgresql.enabled }}
+- name: "DB_HOST"
+  value: "{{ .Release.Name }}-postgresql.{{ .Release.Namespace }}.svc.cluster.local"
+- name: "DB_USER"
+  value: "postgres"
+- name: "DB_DATABASE"
+  value: "smartface"
+- name: "DB_PASSWORD"
+  valueFrom:
+    secretKeyRef:
+      name: "{{ .Release.Name }}-postgresql"
+      key: "postgres-password"
+- name: "ConnectionStrings__CoreDbContext"
+  value: "Server=$(DB_HOST);Database=$(DB_DATABASE);Username=$(DB_USER);Password='$(DB_PASSWORD)';"
+{{- else }}
 - name: "ConnectionStrings__CoreDbContext"
   valueFrom:
     secretKeyRef:
       name: {{ .Values.configurations.database.existingSecretName | quote }}
       key: {{ .Values.configurations.database.connectionStringKey | quote }}
+{{- end }}
 - name: "Database__DbEngine"
   value: "PgSql"
 {{- end }}

templates/_helpers.tpl

@@ -71,20 +71,16 @@ Init container to perform database migration before starting the main container
   args: [
     "run-migration",
     "-p", "1",
-    "-c", "$(db_cs)",
-    "-dbe", "PgSql",
+    "-c", "$(ConnectionStrings__CoreDbContext)",
+    "-dbe", "$(Database__DbEngine)",
     "--rmq-host", "$(RabbitMQ__Hostname)",
     "--rmq-user", "$(RabbitMQ__Username)",
     "--rmq-pass", "$(RabbitMQ__Password)",
     "--rmq-port", "$(RabbitMQ__Port)",
     "--rmq-use-ssl", "$(RabbitMQ__UseSsl)",
     "--rmq-virtual-host", "/"]
   env:
-    - name: "db_cs"
-      valueFrom:
-        secretKeyRef:
-          name: {{ .Values.configurations.database.existingSecretName | quote }}
-          key: {{ .Values.configurations.database.connectionStringKey | quote }}
+    {{- include "smartface.dbConfig" . | nindent 4 }}
     {{- include "smartface.rmqConfig" . | nindent 4 }}
   resources:
     {{- toYaml .Values.migration.initContainer.resources | nindent 4 }}

templates/_validations.tpl

@@ -52,8 +52,10 @@ Station requires enabled graphqlApi to work properly
 Validate that the Database connection string secret exists with correct key
 */}}
 {{- define "smartface.validate.dbConnectionSecret" -}}
+{{- if not .Values.postgresql.enabled -}}
 {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.configurations.database.existingSecretName "Key" .Values.configurations.database.connectionStringKey) }}
 {{- end -}}
+{{- end -}}
 
 {{/*
 Validate that the S3 config map exists with correct keys

values.yaml

@@ -122,6 +122,14 @@ minio:
   enabled: true
   defaultBuckets: "smartface"
 
+# -- config for postgresql subchart, see https://github.com/bitnami/charts/tree/main/bitnami/postgresql
+postgresql:
+  enabled: true
+  primary:
+    initdb:
+      scripts:
+        create-database.sql: "CREATE DATABASE smartface"
+
 api:
   enabled: true
   name: "api"