From 3be9ea63aa5c900f0ef7c6eb55344a4266d7476f Mon Sep 17 00:00:00 2001 From: Akash LM Date: Thu, 30 May 2024 11:22:19 +0530 Subject: [PATCH 1/3] config: Add user and db creation in external postgresql --- charts/quality-trace/Chart.yaml | 2 +- .../quality-trace/templates/configmap-db.yaml | 21 +++--- charts/quality-trace/templates/configmap.yaml | 8 +- .../templates/create-user-db-job.yaml | 75 +++++++++++++++++++ .../quality-trace/templates/deployment.yaml | 33 ++++++++ charts/quality-trace/templates/job.yaml | 45 ----------- charts/quality-trace/values.yaml | 24 ++++-- 7 files changed, 143 insertions(+), 65 deletions(-) create mode 100644 charts/quality-trace/templates/create-user-db-job.yaml delete mode 100644 charts/quality-trace/templates/job.yaml diff --git a/charts/quality-trace/Chart.yaml b/charts/quality-trace/Chart.yaml index 3b623e29e..95f0a86fc 100644 --- a/charts/quality-trace/Chart.yaml +++ b/charts/quality-trace/Chart.yaml @@ -11,4 +11,4 @@ name: quality-trace sources: - https://github.com/kubeshop/helm-charts/tree/main/charts type: application -version: 1.0.4 +version: 1.0.5 diff --git a/charts/quality-trace/templates/configmap-db.yaml b/charts/quality-trace/templates/configmap-db.yaml index f063c4c80..5b23808f0 100644 --- a/charts/quality-trace/templates/configmap-db.yaml +++ b/charts/quality-trace/templates/configmap-db.yaml 
@@ -9,14 +9,15 @@ metadata: "helm.sh/hook-delete-policy": before-hook-creation data: create-database.sql: | - SELECT 'CREATE DATABASE {{ .Values.externalPostgresql.database }}' - WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname='{{ .Values.externalPostgresql.database }}')\gexec - - SELECT 'CREATE USER {{ .Values.externalPostgresql.username }} WITH PASSWORD ''{{ .Values.externalPostgresql.password }}''' - WHERE NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname='{{ .Values.externalPostgresql.username }}')\gexec - - ALTER DATABASE {{ .Values.externalPostgresql.database }} OWNER TO {{ .Values.externalPostgresql.username }}; - - ALTER ROLE {{ .Values.externalPostgresql.username }} CREATEDB; - + SELECT 'CREATE DATABASE {{ .Values.externalPostgresql.qualitytrace.database }}' + WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname='{{ .Values.externalPostgresql.qualitytrace.database }}')\gexec + {{- if not .Values.externalPostgresql.qualitytrace.existingSecret }} + SELECT 'CREATE USER {{ .Values.externalPostgresql.qualitytrace.username }} WITH PASSWORD ''{{ .Values.externalPostgresql.qualitytrace.password }}''' + WHERE NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname='{{ .Values.externalPostgresql.qualitytrace.username }}')\gexec + {{- else }} + SELECT 'CREATE USER {{ .Values.externalPostgresql.qualitytrace.username }} WITH PASSWORD ''' || :'db_password' || '''' + WHERE NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname='{{ .Values.externalPostgresql.qualitytrace.username }}')\gexec + {{- end }} + ALTER DATABASE {{ .Values.externalPostgresql.qualitytrace.database }} OWNER TO {{ .Values.externalPostgresql.qualitytrace.username }}; + ALTER ROLE {{ .Values.externalPostgresql.qualitytrace.username }} CREATEDB; {{- end }} \ No newline at end of file diff --git a/charts/quality-trace/templates/configmap.yaml b/charts/quality-trace/templates/configmap.yaml index 451e39eb1..8918208ed 100644 --- a/charts/quality-trace/templates/configmap.yaml 
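Review bot: The secret-backed `CREATE USER` line concatenates `:'db_password'` between hand-written `'''` quotes, so psql quotes the value for the outer `SELECT` but it arrives unescaped in the text that `\gexec` then executes; a password containing `'` ends the literal early and changes the statement that runs as the `postgres` role. Let the server do the quoting, for example `SELECT format('CREATE USER {{ .Values.externalPostgresql.qualitytrace.username }} WITH PASSWORD %L', :'db_password')`. The other branch has the same weakness with the Helm-interpolated password and additionally stores that password in a ConfigMap in clear text. The `@@ -11,13 +11,10 @@` hunk of PATCH 2/3 keeps the concatenated form as the only path, so the same change applies there.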
+++ b/charts/quality-trace/templates/configmap.yaml @@ -17,8 +17,12 @@ data: password: {{.Values.postgresql.auth.password}} {{- else }} host: {{ .Values.externalPostgresql.host }} - user: {{ .Values.externalPostgresql.username }} - password: {{ .Values.externalPostgresql.password }} + user: {{ .Values.externalPostgresql.qualitytrace.username }} + {{- if not .Values.externalPostgresql.qualitytrace.existingSecret }} + password: {{ .Values.externalPostgresql.qualitytrace.password }} + {{- else }} + password: $DB_PASSWORD + {{- end }} {{- end }} port: 5432 params: sslmode=disable diff --git a/charts/quality-trace/templates/create-user-db-job.yaml b/charts/quality-trace/templates/create-user-db-job.yaml new file mode 100644 index 000000000..ef2fe1bc8 --- /dev/null +++ b/charts/quality-trace/templates/create-user-db-job.yaml 
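Review bot: In the branch without `existingSecret`, `password: {{ .Values.externalPostgresql.qualitytrace.password }}` is emitted unquoted, so the default `""` renders as a null value and a password that looks like a number or boolean, or contains `: ` or ` #`, is retyped or cut short when the config is parsed. Pipe it through `quote`: `password: {{ .Values.externalPostgresql.qualitytrace.password | quote }}`. This branch also leaves the database credential in a ConfigMap rather than a Secret, which the values documentation should say plainly. The `params: sslmode=disable` context line means that credential is sent without TLS to what is now an external host; making the SSL mode a value would let operators tighten it. The `data:` block starts and ends outside the hunk.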
@@ -0,0 +1,75 @@ +{{- if not .Values.postgresql.enabled }} +apiVersion: batch/v1 +kind: Job +metadata: + name: create-user-database + annotations: + "helm.sh/hook": pre-install + "helm.sh/hook-weight": "2" + "helm.sh/hook-delete-policy": hook-succeeded +spec: + template: + metadata: + name: create-user-database + spec: + {{- if .Values.externalPostgresql.qualitytrace.existingSecret }} + initContainers: + - name: init-secret + image: ghcr.io/kube-tarian/helmrepo-supporting-tools/busybox:1.34.1 + command: ['sh', '-c', 'echo "$(cat /mnt/secrets/password)" > /mnt/config/password'] + volumeMounts: + - name: secret-volume + mountPath: /mnt/secrets + readOnly: true + - name: config-volume + mountPath: /mnt/config + {{- end }} + containers: + - name: postgresql-client + image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} + command: + {{- if not .Values.externalPostgresql.qualitytrace.existingSecret }} + - "/bin/bash" + - "-c" + - | + psql -h {{ .Values.externalPostgresql.host }} -p 5432 -U postgres -f /script/create-database.sql + {{- else }} + - "/bin/bash" + - "-c" + - | + export DB_PASSWORD=$(cat /mnt/config/password) && + psql -h {{ .Values.externalPostgresql.host }} -p 5432 -U postgres -v db_password=$DB_PASSWORD -f /script/create-database.sql + {{- end }} + env: + - name: PGPASSWORD + {{- if not .Values.externalPostgresql.existingSecret }} + value: "{{ .Values.externalPostgresql.postgresqlPassword }}" + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.externalPostgresql.existingSecret.name }} + key: {{ .Values.externalPostgresql.existingSecret.passwordKey }} + {{- end }} + volumeMounts: + {{- if .Values.externalPostgresql.qualitytrace.existingSecret }} + - name: config-volume + mountPath: /mnt/config + {{- end }} + - name: script-volume + mountPath: /script + readOnly: true + restartPolicy: Never + volumes: + {{- if .Values.externalPostgresql.qualitytrace.existingSecret }} + - name: 
secret-volume + secret: + secretName: {{.Values.externalPostgresql.qualitytrace.existingSecret.name }} + - name: config-volume + emptyDir: {} + {{- end }} + - name: script-volume + configMap: + name: postgresql-query +{{- end }} + + diff --git a/charts/quality-trace/templates/deployment.yaml b/charts/quality-trace/templates/deployment.yaml index 3801a4fa3..448255d59 100644 --- a/charts/quality-trace/templates/deployment.yaml +++ b/charts/quality-trace/templates/deployment.yaml @@ -27,6 +27,23 @@ spec: serviceAccountName: {{ include "tracetest.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} + {{- if and (not .Values.postgresql.enabled) (.Values.externalPostgresql.qualitytrace.existingSecret) }} + initContainers: + - name: init-config + image: ghcr.io/kube-tarian/helmrepo-supporting-tools/envsubst:latest + command: ['sh', '-c', 'envsubst < /app/config/config.yaml > /processed-config/config.yaml'] + env: + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalPostgresql.qualitytrace.existingSecret.name }} + key: {{ .Values.externalPostgresql.qualitytrace.existingSecret.passwordKey }} + volumeMounts: + - name: config + mountPath: /app/config + - name: processed-config-volume + mountPath: /processed-config + {{- end}} containers: - name: {{ .Chart.Name }} securityContext: @@ -35,11 +52,19 @@ spec: env: - name: TRACETEST_DEV value: "{{ .Values.env.tracetestDev }}" + {{- if and (not .Values.postgresql.enabled) (.Values.externalPostgresql.qualitytrace.existingSecret) }} + args: + - --config + - '/processed-config/config.yaml' + - --provisioning-file + - '/app/config/provisioning.yaml' + {{- else }} args: - --config - '/app/config/config.yaml' - --provisioning-file - '/app/config/provisioning.yaml' + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http 
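Review bot: `-v db_password=$DB_PASSWORD` expands the secret unquoted, so a password containing whitespace or glob characters is word-split and psql receives a truncated value plus stray arguments; write `-v db_password="$DB_PASSWORD"`. The same line survives as context in the `@@ -12,34 +12,14 @@` hunk of PATCH 2/3. Passing the value as a psql argument also makes it visible in the container's process list for the lifetime of the command. Separately, the `init-secret` container reads the fixed path `/mnt/secrets/password` although values.yaml lets the user choose `existingSecret.passwordKey`, so any other key name leaves that file missing.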
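Review bot: The `init-config` container handles `DB_PASSWORD` but runs `ghcr.io/kube-tarian/helmrepo-supporting-tools/envsubst:latest`, a mutable tag, so the code that sees the secret can change without any chart change; pin a version or digest (`envsubst:<version>@sha256:<digest>`, placeholder), as the busybox image in this series is pinned to `1.34.1`. `envsubst` is also called without a variable list, so every `$NAME` sequence in `config.yaml` is substituted, not only `$DB_PASSWORD`; if this is GNU envsubst, passing `'$DB_PASSWORD'` as its argument restricts it. The pod `spec:` this block belongs to starts and ends outside the hunk.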
@@ -64,10 +89,18 @@ spec: volumeMounts: - name: config mountPath: /app/config + {{- if and (not .Values.postgresql.enabled) (.Values.externalPostgresql.qualitytrace.existingSecret) }} + - name: processed-config-volume + mountPath: /processed-config + {{- end}} volumes: - name: config configMap: name: {{ include "tracetest.fullname" . }} + {{- if and (not .Values.postgresql.enabled) (.Values.externalPostgresql.qualitytrace.existingSecret) }} + - name: processed-config-volume + emptyDir: {} + {{- end}} {{- with .Values.nodeSelector }} nodeSelector: {{- toYaml . | nindent 8 }} diff --git a/charts/quality-trace/templates/job.yaml b/charts/quality-trace/templates/job.yaml deleted file mode 100644 index 212e011f2..000000000 --- a/charts/quality-trace/templates/job.yaml +++ /dev/null @@ -1,45 +0,0 @@ -{{- if not .Values.postgresql.enabled }} -apiVersion: batch/v1 -kind: Job -metadata: - name: create-users-databases - annotations: - "helm.sh/hook": pre-install - "helm.sh/hook-weight": "2" - "helm.sh/hook-delete-policy": hook-succeeded -spec: - template: - metadata: - name: create-users-databases - spec: - containers: - - name: postgresql-client - image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} - command: - - "/bin/bash" - - "-c" - - | - psql -h {{ .Values.externalPostgresql.host }} -p 5432 -U postgres -f /scripts/create-database.sql - - env: - - name: PGPASSWORD - {{- if not .Values.externalPostgresql.existingSecret }} - value: "{{ .Values.externalPostgresql.postgresqlPassword }}" - {{- else }} - valueFrom: - secretKeyRef: - name: {{ .Values.externalPostgresql.existingSecret.name }} - key: {{ .Values.externalPostgresql.existingSecret.passwordKey }} - {{- end }} - volumeMounts: - - name: script-volume - mountPath: /scripts - readOnly: true - restartPolicy: Never - volumes: - - name: script-volume - configMap: - name: postgresql-query -{{- end }} - - 
diff --git a/charts/quality-trace/values.yaml b/charts/quality-trace/values.yaml index 1c9659927..bf7f249e0 100644 --- a/charts/quality-trace/values.yaml +++ b/charts/quality-trace/values.yaml @@ -185,8 +185,8 @@ affinity: {} otelCollector: name: "otel-collector" image: - repository: otel/opentelemetry-collector-contrib - tag: 0.70.0 + repository: ghcr.io/kube-tarian/helmrepo-supporting-tools/opentelemetry-collector-contrib + tag: 0.79.0 pullPolicy: Always # -- Image Registry Secret Names for OtelCollector @@ -358,10 +358,20 @@ otelCollector: externalPostgresql: host: postgresql - database: "" - username: "" - password: "" + # password for accessing the postgres user. Ignored if existingSecret is set postgresqlPassword: "" + # -- Name and key of an existing Kubernetes secret object containing the password existingSecret: {} - # name: - # passwordKey: \ No newline at end of file + # name: + # passwordKey: + + # User and database creation + qualitytrace: + database: "tracetest" + username: "tracetest" + # password for accessing the database. Ignored if existingSecret is set + password: "" + # -- Name and key of an existing Kubernetes secret object containing the password + existingSecret: {} + # name: + # passwordKey: \ No newline at end of file From 27b15423a2166f92b2a07ca5ef20b56c5c086f8d Mon Sep 17 00:00:00 2001 From: Akash LM Date: Tue, 4 Jun 2024 22:01:37 +0530 Subject: [PATCH 2/3] config: Add user and db creation in external postgresql --- .../quality-trace/templates/configmap-db.yaml | 7 +-- charts/quality-trace/templates/configmap.yaml | 2 +- .../templates/create-user-db-job.yaml | 41 ++++------------- .../quality-trace/templates/deployment.yaml | 46 ++++++++----------- charts/quality-trace/values.yaml | 6 +-- 5 files changed, 34 insertions(+), 68 deletions(-) diff --git a/charts/quality-trace/templates/configmap-db.yaml b/charts/quality-trace/templates/configmap-db.yaml index 5b23808f0..0492ae0b9 100644 --- a/charts/quality-trace/templates/configmap-db.yaml 
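Review bot: The `otelCollector.image` change is unrelated to the commit subject and moves the collector from `otel/opentelemetry-collector-contrib` to a re-hosted copy under `ghcr.io/kube-tarian/helmrepo-supporting-tools/`, referenced by tag only and with `pullPolicy: Always`. With that combination whatever is next pushed to the `0.79.0` tag is what runs, so record the digest next to the tag and add a comment such as `# mirror of upstream otel/opentelemetry-collector-contrib, see <build reference>` (placeholder). Splitting the image change into its own commit would also make it reviewable on its own.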
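Review bot: Moving `database`, `username` and `password` under `externalPostgresql.qualitytrace` means an existing values file that still sets the old keys renders without error and silently falls back to user `tracetest` with `password: ""`. Nothing in the templates rejects a render where both `qualitytrace.password` and `qualitytrace.existingSecret` are empty; a guard such as `{{ required "set externalPostgresql.qualitytrace.password or existingSecret" .Values.externalPostgresql.qualitytrace.password }}` in the non-secret branch would fail early instead. The rename deserves a line in the chart's upgrade notes, since `Chart.yaml` only bumps the patch version.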
+++ b/charts/quality-trace/templates/configmap-db.yaml @@ -11,13 +11,10 @@ data: create-database.sql: | SELECT 'CREATE DATABASE {{ .Values.externalPostgresql.qualitytrace.database }}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname='{{ .Values.externalPostgresql.qualitytrace.database }}')\gexec - {{- if not .Values.externalPostgresql.qualitytrace.existingSecret }} - SELECT 'CREATE USER {{ .Values.externalPostgresql.qualitytrace.username }} WITH PASSWORD ''{{ .Values.externalPostgresql.qualitytrace.password }}''' - WHERE NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname='{{ .Values.externalPostgresql.qualitytrace.username }}')\gexec - {{- else }} + SELECT 'CREATE USER {{ .Values.externalPostgresql.qualitytrace.username }} WITH PASSWORD ''' || :'db_password' || '''' WHERE NOT EXISTS (SELECT 1 FROM pg_roles WHERE rolname='{{ .Values.externalPostgresql.qualitytrace.username }}')\gexec - {{- end }} + ALTER DATABASE {{ .Values.externalPostgresql.qualitytrace.database }} OWNER TO {{ .Values.externalPostgresql.qualitytrace.username }}; ALTER ROLE {{ .Values.externalPostgresql.qualitytrace.username }} CREATEDB; {{- end }} \ No newline at end of file diff --git a/charts/quality-trace/templates/configmap.yaml b/charts/quality-trace/templates/configmap.yaml index 8918208ed..5b271a82f 100644 --- a/charts/quality-trace/templates/configmap.yaml +++ b/charts/quality-trace/templates/configmap.yaml @@ -21,7 +21,7 @@ data: {{- if not .Values.externalPostgresql.qualitytrace.existingSecret }} password: {{ .Values.externalPostgresql.qualitytrace.password }} {{- else }} - password: $DB_PASSWORD + password: 'db_password' {{- end }} {{- end }} port: 5432 diff --git a/charts/quality-trace/templates/create-user-db-job.yaml b/charts/quality-trace/templates/create-user-db-job.yaml index ef2fe1bc8..1429eec1f 100644 --- a/charts/quality-trace/templates/create-user-db-job.yaml +++ b/charts/quality-trace/templates/create-user-db-job.yaml 
@@ -12,34 +12,14 @@ spec: metadata: name: create-user-database spec: - {{- if .Values.externalPostgresql.qualitytrace.existingSecret }} - initContainers: - - name: init-secret - image: ghcr.io/kube-tarian/helmrepo-supporting-tools/busybox:1.34.1 - command: ['sh', '-c', 'echo "$(cat /mnt/secrets/password)" > /mnt/config/password'] - volumeMounts: - - name: secret-volume - mountPath: /mnt/secrets - readOnly: true - - name: config-volume - mountPath: /mnt/config - {{- end }} containers: - name: postgresql-client image: {{ .Values.postgresql.image.registry }}/{{ .Values.postgresql.image.repository }}:{{ .Values.postgresql.image.tag }} command: - {{- if not .Values.externalPostgresql.qualitytrace.existingSecret }} - "/bin/bash" - "-c" - | - psql -h {{ .Values.externalPostgresql.host }} -p 5432 -U postgres -f /script/create-database.sql - {{- else }} - - "/bin/bash" - - "-c" - - | - export DB_PASSWORD=$(cat /mnt/config/password) && psql -h {{ .Values.externalPostgresql.host }} -p 5432 -U postgres -v db_password=$DB_PASSWORD -f /script/create-database.sql - {{- end }} env: - name: PGPASSWORD {{- if not .Values.externalPostgresql.existingSecret }} 
@@ -50,26 +30,23 @@ spec: name: {{ .Values.externalPostgresql.existingSecret.name }} key: {{ .Values.externalPostgresql.existingSecret.passwordKey }} {{- end }} + - name: DB_PASSWORD + {{- if not .Values.externalPostgresql.qualitytrace.existingSecret }} + value: "{{ .Values.externalPostgresql.qualitytrace.password }}" + {{- else }} + valueFrom: + secretKeyRef: + name: {{ .Values.externalPostgresql.qualitytrace.existingSecret.name }} + key: {{ .Values.externalPostgresql.qualitytrace.existingSecret.passwordKey }} + {{- end }} volumeMounts: - {{- if .Values.externalPostgresql.qualitytrace.existingSecret }} - - name: config-volume - mountPath: /mnt/config - {{- end }} - name: script-volume mountPath: /script readOnly: true restartPolicy: Never volumes: - {{- if .Values.externalPostgresql.qualitytrace.existingSecret }} - - name: secret-volume - secret: - secretName: {{.Values.externalPostgresql.qualitytrace.existingSecret.name }} - - name: config-volume - emptyDir: {} - {{- end }} - name: script-volume configMap: name: postgresql-query {{- end }} - diff --git a/charts/quality-trace/templates/deployment.yaml b/charts/quality-trace/templates/deployment.yaml index 448255d59..c983da206 100644 --- a/charts/quality-trace/templates/deployment.yaml +++ b/charts/quality-trace/templates/deployment.yaml 
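Review bot: `value: "{{ .Values.externalPostgresql.qualitytrace.password }}"` wraps the raw value in double quotes by hand, so a password containing `"` or `\` yields invalid YAML or a silently altered value; use `value: {{ .Values.externalPostgresql.qualitytrace.password | quote }}`. The `PGPASSWORD` entry added in PATCH 1/3 follows the same pattern. In this branch the password is part of the Job spec in clear text, and with `"helm.sh/hook-delete-policy": hook-succeeded` a failed job stays in the namespace with it readable, so the values comments should steer users to `existingSecret`. The container spec starts outside the hunk.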
@@ -27,43 +27,35 @@ spec: serviceAccountName: {{ include "tracetest.serviceAccountName" . }} securityContext: {{- toYaml .Values.podSecurityContext | nindent 8 }} - {{- if and (not .Values.postgresql.enabled) (.Values.externalPostgresql.qualitytrace.existingSecret) }} - initContainers: - - name: init-config - image: ghcr.io/kube-tarian/helmrepo-supporting-tools/envsubst:latest - command: ['sh', '-c', 'envsubst < /app/config/config.yaml > /processed-config/config.yaml'] - env: - - name: DB_PASSWORD - valueFrom: - secretKeyRef: - name: {{ .Values.externalPostgresql.qualitytrace.existingSecret.name }} - key: {{ .Values.externalPostgresql.qualitytrace.existingSecret.passwordKey }} - volumeMounts: - - name: config - mountPath: /app/config - - name: processed-config-volume - mountPath: /processed-config - {{- end}} containers: - name: {{ .Chart.Name }} securityContext: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: - - name: TRACETEST_DEV + {{- if and (not .Values.postgresql.enabled) (.Values.externalPostgresql.qualitytrace.existingSecret) }} + - name: DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.externalPostgresql.qualitytrace.existingSecret.name }} + key: {{ .Values.externalPostgresql.qualitytrace.existingSecret.passwordKey }} + {{- end }} + - name: TRACETEST_DEV value: "{{ .Values.env.tracetestDev }}" {{- if and (not .Values.postgresql.enabled) (.Values.externalPostgresql.qualitytrace.existingSecret) }} - args: - - --config - - '/processed-config/config.yaml' - - --provisioning-file - - '/app/config/provisioning.yaml' + command: + - sh + - -c + - | + cp /app/config/config.yaml /processed-config/ + sed -i 's/db_password/'"$DB_PASSWORD"'/g' /processed-config/config.yaml + /app/quality-trace-server serve --config /processed-config/config.yaml --provisioning-file /app/config/provisioning.yaml {{- else }} args: - - --config - - '/app/config/config.yaml' - - 
--provisioning-file - - '/app/config/provisioning.yaml' + - "--config" + - "/app/config/config.yaml" + - "--provisioning-file" + - "/app/config/provisioning.yaml" {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: diff --git a/charts/quality-trace/values.yaml b/charts/quality-trace/values.yaml index bf7f249e0..f0a54f840 100644 --- a/charts/quality-trace/values.yaml +++ b/charts/quality-trace/values.yaml @@ -362,8 +362,8 @@ externalPostgresql: postgresqlPassword: "" # -- Name and key of an existing Kubernetes secret object containing the password existingSecret: {} - # name: - # passwordKey: + # name: + # passwordKey: # User and database creation qualitytrace: @@ -372,6 +372,6 @@ externalPostgresql: # password for accessing the database. Ignored if existingSecret is set password: "" # -- Name and key of an existing Kubernetes secret object containing the password - existingSecret: {} + existingSecret: # name: # passwordKey: \ No newline at end of file From c2d344fd878b1a43e8bb050a9e55c15183ff7a41 Mon Sep 17 00:00:00 2001 From: Akash LM Date: Tue, 4 Jun 2024 22:02:29 +0530 Subject: [PATCH 3/3] config: Add user and db creation in external postgresql --- charts/quality-trace/values.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/quality-trace/values.yaml b/charts/quality-trace/values.yaml index f0a54f840..1a7123d9f 100644 --- a/charts/quality-trace/values.yaml +++ b/charts/quality-trace/values.yaml @@ -372,6 +372,6 @@ externalPostgresql: # password for accessing the database. Ignored if existingSecret is set password: "" # -- Name and key of an existing Kubernetes secret object containing the password - existingSecret: + existingSecret: {} # name: # passwordKey: \ No newline at end of file