From 0b3767902f948a1f3b6ea61ea188487d55121201 Mon Sep 17 00:00:00 2001 From: Adam Blasko Date: Tue, 7 Nov 2023 14:00:53 +0100 Subject: [PATCH 1/3] Added pgsql subchart Modified documentation --- CHANGELOG.md | 3 +++ Chart.lock | 7 +++++-- Chart.yaml | 4 ++++ README.md | 31 +++++++++++++++++++++++-------- README.md.gotmpl | 29 +++++++++++++++++++++-------- external-config.yaml | 7 ------- templates/_configurations.tpl | 16 ++++++++++++++++ templates/_helpers.tpl | 10 +++------- templates/_validations.tpl | 2 ++ values.yaml | 8 ++++++++ 10 files changed, 85 insertions(+), 32 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 8771fb8..40d0825 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,9 +5,12 @@ ### Added - Support for using [minio subchart](https://github.com/bitnami/charts/tree/main/bitnami/minio) in place of S3 bucket - This is now default behavior of the helm chart +- Support for using [postgresql subchart](https://github.com/bitnami/charts/tree/main/bitnami/postgresql) in place of externally managed PgSQL instance + - This is now default behavior of the helm chart ### Breaking change - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3` +- Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database` ## [v0.4.0] diff --git a/Chart.lock b/Chart.lock index 334ca31..923a827 100644 --- a/Chart.lock +++ b/Chart.lock 
@@ -8,5 +8,8 @@ dependencies: - name: minio repository: oci://registry-1.docker.io/bitnamicharts version: 12.8.15 -digest: sha256:377f0abfb50bbc8665ab4176a9a24747d5bedc8604f4a867ab82006e8e3d2805 -generated: "2023-11-02T13:06:27.794117+01:00" +- name: postgresql + repository: oci://registry-1.docker.io/bitnamicharts + version: 13.2.1 +digest: sha256:ee66b91ea3523af56af83032788c773f0fee056211a4c3d78f903ae135238099 +generated: "2023-11-06T15:07:48.932408+01:00" diff --git a/Chart.yaml b/Chart.yaml index b3a43a1..144febf 100644 --- a/Chart.yaml +++ b/Chart.yaml @@ -15,6 +15,10 @@ dependencies: version: "12.8.15" repository: "oci://registry-1.docker.io/bitnamicharts" condition: minio.enabled + - name: postgresql + version: "13.2.1" + repository: "oci://registry-1.docker.io/bitnamicharts" + condition: postgresql.enabled type: application diff --git a/README.md b/README.md index 40220b9..9625fe8 100644 --- a/README.md +++ b/README.md @@ -24,14 +24,6 @@ The helm chart needs certain objects to be present in the cluster before it can - Get the license file from [Customer portal](https://customerportal.innovatrics.com) - The secret name must match `license.secretName` value - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file -1. S3 bucket - - Create an S3 bucket - - Configure details of S3 bucket by supplying values to object `configurations.s3` -1. pgsql server - - Create a PgSql server - - Create a Secret - see `external-config.yaml` for example - - Secret name must match `configurations.database.secretName` value - - key in the Secret must match `configurations.database.connectionStringKey` value 1. Optionally [KEDA](https://keda.sh/) for autoscaling - see `autoscaling.*` values for more info 
@@ -45,6 +37,7 @@ By default an ingress object is created with the helm chart. To configure the in |------------|------|---------| | oci://ghcr.io/innovatrics/sf-helm | sf-tenant-operator | 0.2.0 | | oci://registry-1.docker.io/bitnamicharts | minio | 12.8.15 | +| oci://registry-1.docker.io/bitnamicharts | postgresql | 13.2.1 | | oci://registry-1.docker.io/bitnamicharts | rabbitmq | 12.0.4 | All chart dependencies are optional and can be disabled and supplemented with other (for example cloud-based) alternatives @@ -108,6 +101,26 @@ data: useBucketRegion: "true" ``` +### Postgresql +To use externally managed PgSQL instance: +- set `postgresql.enabled=false` +- provide databse configuration: + - create a Secret - see `external-config.yaml` for example + - secret name must match `configurations.database.secretName` value + - key in the Secret must match `configurations.database.connectionStringKey` value + - see Sample objects for example + +#### Sample objects +``` +apiVersion: v1 +stringData: + # supply pgsql server connection string - https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings + cs: "Server=;Database=;Username=;Password=;" +kind: Secret +metadata: + name: db-cs +``` + ## Values | Key | Type | Default | Description | 
@@ -439,6 +452,7 @@ data: | nameOverride | string | `nil` | Overrides the chart's name | | podAnnotations | object | `{}` | Common annotations for all pods | | podLabels | object | `{}` | Common labels for all pods | +| postgresql | object | `{"enabled":true,"primary":{"initdb":{"scripts":{"create-database.sql":"CREATE DATABASE smartface"}}}}` | config for postgresql subchart, see https://github.com/bitnami/charts/tree/main/bitnami/postgresql | | rabbitmq | object | `{"auth":{"erlangCookie":"","existingSecretName":"","password":"","secretKey":"rabbitmq-password","username":"smartface"},"enabled":true,"extraPlugins":"rabbitmq_stream rabbitmq_stream_management rabbitmq_mqtt","mqttConfiguration":{"existingConfigMapName":"","hostname":"","port":1883,"useSsl":false,"username":""},"mqttPublicService":{"enabled":false,"mqttDnsHost":""},"rmqConfiguration":{"existingConfigMapName":"","hostname":"","port":5672,"streamsPort":5552,"useSsl":false,"username":""},"service":{"extraPorts":[{"name":"mqtt","port":1883,"targetPort":1883},{"name":"rmq-stream","port":5552,"targetPort":5552}]}}` | config for rabbitmq subchart, see https://github.com/bitnami/charts/tree/main/bitnami/rabbitmq | | rabbitmq.auth.erlangCookie | string | `""` | used by subchart | | rabbitmq.auth.existingSecretName | string | `""` | supply to bring you own secret. The secret needs to contain rabbitmq password under the key with name defined in `rabbitmq.auth.secretKey` | 
@@ -528,6 +542,7 @@ data: ### [v0.5.0] - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3` +- Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database` ### [v0.4.0] - Changed default behavior for creating S3 configuration. If you like to continue managing the previously created S3 config map please use the `configurations.s3.existingConfigMapName` field. Otherwise the ConfigMap will be managed by the helm chart using the values provided in `configurations.s3` diff --git a/README.md.gotmpl b/README.md.gotmpl index c4c9dfa..b9d2b83 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl @@ -25,14 +25,6 @@ The helm chart needs certain objects to be present in the cluster before it can - Get the license file from [Customer portal](https://customerportal.innovatrics.com) - The secret name must match `license.secretName` value - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file -1. S3 bucket - - Create an S3 bucket - - Configure details of S3 bucket by supplying values to object `configurations.s3` -1. pgsql server - - Create a PgSql server - - Create a Secret - see `external-config.yaml` for example - - Secret name must match `configurations.database.secretName` value - - key in the Secret must match `configurations.database.connectionStringKey` value 1. Optionally [KEDA](https://keda.sh/) for autoscaling - see `autoscaling.*` values for more info 
@@ -103,6 +95,26 @@ data: useBucketRegion: "true" ``` +### Postgresql +To use externally managed PgSQL instance: +- set `postgresql.enabled=false` +- provide databse configuration: + - create a Secret - see `external-config.yaml` for example + - secret name must match `configurations.database.secretName` value + - key in the Secret must match `configurations.database.connectionStringKey` value + - see Sample objects for example + +#### Sample objects +``` +apiVersion: v1 +stringData: + # supply pgsql server connection string - https://learn.microsoft.com/en-us/dotnet/framework/data/adonet/connection-strings + cs: "Server=;Database=;Username=;Password=;" +kind: Secret +metadata: + name: db-cs +``` + {{ template "chart.valuesSection" . }} {{ template "chart.maintainersSection" . }} @@ -113,6 +125,7 @@ data: ### [v0.5.0] - MinIO subchart is enabled and used by default. To keep using S3 bucket managed outside of this helm chart please set the `minio.enabled` value to `false` and provide configuration details via `configurations.s3` +- Postgresql subchart is enabled and used by default. To keep using PgSQL instance managed outside of this helm chart please set the `postgresql.enabled` value to `false` and provide configuration details via `configurations.database` ### [v0.4.0] - Changed default behavior for creating S3 configuration. If you like to continue managing the previously created S3 config map please use the `configurations.s3.existingConfigMapName` field. Otherwise the ConfigMap will be managed by the helm chart using the values provided in `configurations.s3` diff --git a/external-config.yaml b/external-config.yaml index 3b206c5..fe116d0 100644 --- a/external-config.yaml +++ b/external-config.yaml @@ -21,10 +21,3 @@ kind: Secret metadata: name: iface-lic --- -apiVersion: v1 -stringData: -# supply pgsql server - cs: "Server=;Database=;Username=;Password=;" -kind: Secret -metadata: - name: db-cs 
diff --git a/templates/_configurations.tpl b/templates/_configurations.tpl index a24a491..2b43e8b 100644 --- a/templates/_configurations.tpl +++ b/templates/_configurations.tpl @@ -2,11 +2,27 @@ Template used for adding database configuration to containers */}} {{- define "smartface.dbConfig" -}} +{{- if .Values.postgresql.enabled }} +- name: "DB_HOST" + value: "{{ .Release.Name }}-postgresql.{{ .Release.Namespace }}.svc.cluster.local" +- name: "DB_USER" + value: "postgres" +- name: "DB_DATABASE" + value: "smartface" +- name: "DB_PASSWORD" + valueFrom: + secretKeyRef: + name: "{{ .Release.Name }}-postgresql" + key: "postgres-password" +- name: "ConnectionStrings__CoreDbContext" + value: "Server=$(DB_HOST);Database=$(DB_DATABASE);Username=$(DB_USER);Password=$(DB_PASSWORD);" +{{- else }} - name: "ConnectionStrings__CoreDbContext" valueFrom: secretKeyRef: name: {{ .Values.configurations.database.existingSecretName | quote }} key: {{ .Values.configurations.database.connectionStringKey | quote }} +{{- end }} - name: "Database__DbEngine" value: "PgSql" {{- end }} diff --git a/templates/_helpers.tpl b/templates/_helpers.tpl index 68e6dc2..b75669d 100644 --- a/templates/_helpers.tpl +++ b/templates/_helpers.tpl @@ -71,8 +71,8 @@ Init container to perform database migration before starting the main container args: [ "run-migration", "-p", "1", - "-c", "$(db_cs)", - "-dbe", "PgSql", + "-c", "$(ConnectionStrings__CoreDbContext)", + "-dbe", "$(Database__DbEngine)", "--rmq-host", "$(RabbitMQ__Hostname)", "--rmq-user", "$(RabbitMQ__Username)", "--rmq-pass", "$(RabbitMQ__Password)", 
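Review bot: The bundled-database branch of `smartface.dbConfig` connects the application as the `postgres` superuser: `DB_USER` is hard-coded to `postgres` and the password is read from the `postgres-password` key, so every container that includes this helper holds superuser credentials for the instance. A dedicated non-superuser role would limit what a compromised application pod can do. The Bitnami subchart can create one through `postgresql.auth.username` / `postgresql.auth.database` (its password is then stored under the `password` key), and the helper could read it with `value: {{ .Values.postgresql.auth.username | quote }}`. The secret name `{{ .Release.Name }}-postgresql` and the host with its fixed `cluster.local` suffix are also assembled by hand. They will presumably stop matching when `postgresql.fullnameOverride`, `postgresql.auth.existingSecret` or a non-default cluster domain is used, which deserves at least a template comment stating that assumption.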
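Review bot: The migration init container still receives the whole connection string, password included, as a command-line argument (`"-c", "$(ConnectionStrings__CoreDbContext)"`), and with the bundled database that string now carries the superuser password. Kubernetes expands `$(VAR)` in `args` before the process starts, so the secret lands in the process's argument vector, where it is readable from the process list on the node and tends to appear in diagnostics and crash output. `--rmq-pass` on a context line has the same property. If the migration tool can read `ConnectionStrings__CoreDbContext` from its environment (the same patch injects it through `smartface.dbConfig`), dropping the `-c` argument would keep the password out of argv; the hunk does not show whether the tool supports that. The container definition starts and ends outside this hunk.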
@@ -80,11 +80,7 @@ Init container to perform database migration before starting the main container "--rmq-use-ssl", "$(RabbitMQ__UseSsl)", "--rmq-virtual-host", "/"] env: - - name: "db_cs" - valueFrom: - secretKeyRef: - name: {{ .Values.configurations.database.existingSecretName | quote }} - key: {{ .Values.configurations.database.connectionStringKey | quote }} + {{- include "smartface.dbConfig" . | nindent 4 }} {{- include "smartface.rmqConfig" . | nindent 4 }} resources: {{- toYaml .Values.migration.initContainer.resources | nindent 4 }} diff --git a/templates/_validations.tpl b/templates/_validations.tpl index 84ab51a..f448dfb 100644 --- a/templates/_validations.tpl +++ b/templates/_validations.tpl @@ -52,8 +52,10 @@ Station requires enabled graphqlApi to work properly Validate that the Database connection string secret exists with correct key */}} {{- define "smartface.validate.dbConnectionSecret" -}} +{{- if not .Values.postgresql.enabled -}} {{ include "smartface.validate.genericResourceWithKey" (dict "Version" "v1" "Type" "Secret" "Namespace" .Release.Namespace "Name" .Values.configurations.database.existingSecretName "Key" .Values.configurations.database.connectionStringKey) }} {{- end -}} +{{- end -}} {{/* Validate that the S3 config map exists with correct keys diff --git a/values.yaml b/values.yaml index 870dee4..f805543 100644 --- a/values.yaml +++ b/values.yaml @@ -122,6 +122,14 @@ minio: enabled: true defaultBuckets: "smartface" +# -- config for postgresql subchart, see https://github.com/bitnami/charts/tree/main/bitnami/postgresql +postgresql: + enabled: true + primary: + initdb: + scripts: + create-database.sql: "CREATE DATABASE smartface" + api: enabled: true name: "api" From 8c2a0437719f1d6bea32e53435da6a55dc94b402 Mon Sep 17 00:00:00 2001 
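Review bot: In the `values.yaml` hunk the database name is now defined in two places that can drift apart: the `create-database.sql` init script here and the literal `smartface` used for `DB_DATABASE` in `templates/_configurations.tpl`. Overriding `postgresql.primary.initdb.scripts` would leave the application pointing at a database that was never created. Init scripts also run only when the data directory is first initialised, which the comment above the block should state. Using the subchart's own `auth.database: "smartface"` value and reading it in the helper with `value: {{ .Values.postgresql.auth.database | quote }}` would give a single source of truth.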
From: Adam Blasko Date: Tue, 7 Nov 2023 14:04:17 +0100 Subject: [PATCH 2/3] MD formatting fix --- README.md | 16 +++++++++------- README.md.gotmpl | 16 +++++++++------- 2 files changed, 18 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index 9625fe8..307d8f5 100644 --- a/README.md +++ b/README.md @@ -17,15 +17,17 @@ helm install smartface oci://ghcr.io/innovatrics/sf-helm/smartface The helm chart needs certain objects to be present in the cluster before it can be installed. Refer to `external-config.yaml` for examples for the required objects: 1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line) - - Get the credentials from [Customer portal](https://customerportal.innovatrics.com) - - The secret name must match `imagePullSecrets` value - - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials + - Get the credentials from [Customer portal](https://customerportal.innovatrics.com) + - The secret name must match `imagePullSecrets` value + - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials + 1. License file secret - - Get the license file from [Customer portal](https://customerportal.innovatrics.com) - - The secret name must match `license.secretName` value - - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file + - Get the license file from [Customer portal](https://customerportal.innovatrics.com) + - The secret name must match `license.secretName` value + - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file + 1. Optionally [KEDA](https://keda.sh/) for autoscaling - - see `autoscaling.*` values for more info + - see `autoscaling.*` values for more info ## Ingress 
diff --git a/README.md.gotmpl b/README.md.gotmpl index b9d2b83..6a45d5a 100644 --- a/README.md.gotmpl +++ b/README.md.gotmpl @@ -18,15 +18,17 @@ helm install smartface oci://ghcr.io/innovatrics/sf-helm/smartface The helm chart needs certain objects to be present in the cluster before it can be installed. Refer to `external-config.yaml` for examples for the required objects: 1. [Registry credentials secret](https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/#create-a-secret-by-providing-credentials-on-the-command-line) - - Get the credentials from [Customer portal](https://customerportal.innovatrics.com) - - The secret name must match `imagePullSecrets` value - - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials + - Get the credentials from [Customer portal](https://customerportal.innovatrics.com) + - The secret name must match `imagePullSecrets` value + - see comments in `external-config.yaml` for commands to create kubernetes manifest with credentials + 1. License file secret - - Get the license file from [Customer portal](https://customerportal.innovatrics.com) - - The secret name must match `license.secretName` value - - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file + - Get the license file from [Customer portal](https://customerportal.innovatrics.com) + - The secret name must match `license.secretName` value + - see comments in `external-config.yaml` for commands to create kubernetes manifest with license file + 1. Optionally [KEDA](https://keda.sh/) for autoscaling - - see `autoscaling.*` values for more info + - see `autoscaling.*` values for more info ## Ingress From 576e9d8a3aa25743c521dd8c2e53528b51c33f03 Mon Sep 17 00:00:00 2001 
From: Adam Blasko Date: Wed, 8 Nov 2023 10:48:53 +0100 Subject: [PATCH 3/3] Escaping password To handle potential of having semicolon (or other reserved character) in generated password
---
 templates/_configurations.tpl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/templates/_configurations.tpl b/templates/_configurations.tpl
index 2b43e8b..f8602ef 100644
--- a/templates/_configurations.tpl
+++ b/templates/_configurations.tpl
@@ -15,7 +15,7 @@ Template used for adding database configuration to containers
 name: "{{ .Release.Name }}-postgresql"
 key: "postgres-password"
 - name: "ConnectionStrings__CoreDbContext"
- value: "Server=$(DB_HOST);Database=$(DB_DATABASE);Username=$(DB_USER);Password=$(DB_PASSWORD);"
+ value: "Server=$(DB_HOST);Database=$(DB_DATABASE);Username=$(DB_USER);Password='$(DB_PASSWORD)';"
 {{- else }}
 - name: "ConnectionStrings__CoreDbContext"
 valueFrom:
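Review bot: Wrapping the value in single quotes covers semicolons, but a password that itself contains a single quote would still end the quoted value early and corrupt the connection string, since connection-string parsers normally expect an embedded quote to be doubled. The chart-generated password is probably alphanumeric, so this mainly affects operators who set the subchart password themselves, for example through `postgresql.auth.postgresPassword` or an existing secret. Kubernetes substitutes `$(DB_PASSWORD)` at container start, so the template cannot escape it. The constraint should be documented beside the line, e.g. `{{/* password must not contain a single quote: it is embedded in a quoted connection-string value */}}`, and ideally repeated in the README section on the postgresql subchart. The enclosing `smartface.dbConfig` define starts and ends outside this hunk.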