Postgres ha (#172)

Update for HA Postgresql

.github/workflows/push-to-develop.yml

@@ -50,13 +50,25 @@ jobs:
           mkdir ~/.kube &&
           echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config
 
+      - name: Update Helm dependencys
+        run: helm dependency update ./infrastructure/iris-gateway
+
       - name: Run helm deployment
         run: >
           helm upgrade --install
           --namespace iris-gateway
           --set environment=test
           --set locations.tag="${{ github.sha }}"
+          --set postgresqlha.postgresql.repmgrPassword="${{ secrets.REPMGR_PASSWORD }}"
+          --set postgresqlha.pgpool.adminPassword="${{ secrets.PGPOOL_ADMIN_PASSWORD }}"
+          --set postgresqlha.postgresql.password="${{ secrets.POSTGRESQL_PASSWORD }}"
+          --set postgresqlha.pgpool.customUsers.passwords="${{ secrets.POSTGRESQL_PASSWORD }}"
           --wait
           --timeout 3m
           --debug
           iris-gateway ./infrastructure/iris-gateway
+
+      - name: Delete downloaded helm charts
+        if: ${{ always() }}
+        run: >
+          rm -rf iris-gateway/infrastructure/iris-gateway/charts

.gitignore

@@ -78,3 +78,4 @@ hs_err_pid*
 
 # Generated files
 iris-client-eps/settings/test/
+infrastructure/iris-gateway/charts/

infrastructure/iris-gateway/Chart.lock

@@ -0,0 +1,6 @@
+dependencies:
+- name: postgresql-ha
+  repository: https://charts.bitnami.com/bitnami
+  version: 7.7.1
+digest: sha256:7b987866748032feb90cda931d61e75d2b6bcb50b04dc16841f9dce12e1be990
+generated: "2021-07-09T13:35:14.152429082+02:00"

infrastructure/iris-gateway/Chart.yaml

@@ -2,3 +2,8 @@ apiVersion: v2
 name: iris-gateway
 type: application
 version: 0.1.0
+dependencies:
+  - name: postgresql-ha
+    version: 7.7.1
+    repository: https://charts.bitnami.com/bitnami
+    alias: postgresqlha

infrastructure/iris-gateway/readme.md

@@ -37,7 +37,7 @@ prod.iris-gateway.de | 193.28.249.53
     TOKEN=$(kubectl -n iris-gateway get secret $SECRET_NAME -o json | jq -r '.data.token' | base64 -d)
     echo $TOKEN
     ```
-1. add token to kubeconfig, add as secret to GitHub repo, as `KUBECONFIG` 
+1. add token to kubeconfig, add as secret to GitHub repo, as `KUBECONFIG`
 to the specific _environment_ (`test` or `production`)
     ```yaml
     apiVersion: v1
@@ -59,19 +59,6 @@ to the specific _environment_ (`test` or `production`)
         user:
           token: <service-account-token for user namespace-admin>
     ```
-1. create secret `iris-gateway-locations-postgres` manually in `iris-gateway`
-    ```yaml
-    apiVersion: v1
-    kind: Secret
-    type: Opaque
-    metadata:
-      name: iris-gateway-locations-postgres
-      namespace: iris-gateway
-    data:
-      POSTGRES_HOST: aXJpcy1nYXRld2F5LWxvY2F0aW9ucy1wb3N0Z3Jlcw==  # iris-gateway-locations-postgres
-      POSTGRES_PASSWORD: ...  # b64 encoded
-      POSTGRES_USER: ...  # b64 encoded
-    ```
 1. create secret `iris-gateway-tls` manually in `iris-gateway`
     ```yaml
     apiVersion: v1

infrastructure/iris-gateway/templates/locations-postgres-backup/configmap.yaml

@@ -10,7 +10,7 @@ data:
     # reference: https://simplebackups.io/blog/the-ultimate-postgresql-database-backup-script/
 
     DIR=$(date +%d-%m-%y)
-    DEST="{{ .Values.postgres.backupDir }}/${DIR}"
+    DEST="{{ .Values.postgresqlha.postgresql.backupDir }}/${DIR}"
     mkdir -p "${DEST}"
 
     echo 'backup starting'

infrastructure/iris-gateway/templates/locations-postgres-backup/cronjob.yaml

@@ -27,7 +27,7 @@ spec:
                 - secretRef:
                     name: {{ include "iris-gateway.locations-postgres" . }}
               volumeMounts:
-                - mountPath: {{ .Values.postgres.backupDir }}
+                - mountPath: {{ .Values.postgresqlha.postgresql.backupDir }}
                   name: persistent-storage
                 - mountPath: /scripts
                   name: scripts

infrastructure/iris-gateway/templates/locations/deployment.yaml

@@ -22,7 +22,7 @@ spec:
             - name: SPRING_PROFILES_ACTIVE
               value: postgres
             - name: POSTGRES_DATABASE
-              value: {{ .Values.postgres.dbName }}
+              value: {{ .Values.postgresqlha.postgresql.database }}
           envFrom:
             - secretRef:
                 name: {{ include "iris-gateway.locations-postgres" . }}

infrastructure/iris-gateway/templates/locations/secret.yaml

@@ -0,0 +1,9 @@
+apiVersion: v1
+metadata:
+  name: {{ include "iris-gateway.locations-postgres" . }}
+kind: Secret
+type: Opaque
+data:
+  POSTGRES_HOST: {{ printf "%s-postgresqlha-pgpool" .Release.Name | b64enc | quote }}
+  POSTGRES_PASSWORD: {{ .Values.postgresqlha.pgpool.customUsers.passwords | b64enc | quote }}
+  POSTGRES_USER: {{ .Values.postgresqlha.pgpool.customUsers.usernames | b64enc | quote }}

infrastructure/iris-gateway/values.yaml

@@ -73,3 +73,46 @@ publicProxyEps:
 domains:
   test: test.iris-gateway.de
   production: iris-gateway.de
+
+postgresqlha:
+  clusterDomain: cluster.local
+  serviceAccount:
+    enabled: true
+  postgresql:
+    backupDir: /backups
+    database: locations
+    username: locations
+    password: undefined #will be set by cli
+    replicaCount: 3
+    resources: {}
+      # limits:
+      #   cpu: 250m
+      #   memory: 256Mi
+      # requests:
+      #   cpu: 250m
+      #   memory: 256Mi
+  pgpool:
+    #customUsersSecret: iris-gateway-locations-postgres
+    customUsers:
+      usernames: locations
+      passwords: undefined ## will be set by cli
+  volumePermissions:
+    enabled: true
+    resources: {}
+      # limits:
+      #   cpu: 100m
+      #   memory: 128Mi
+      # requests:
+      #   cpu: 100m
+      #   memory: 128Mi
+  metrics:
+    enabled: true
+    resources: {}
+      # limits:
+      #   cpu: 250m
+      #   memory: 256Mi
+      # requests:
+      #   cpu: 250m
+      #   memory: 256Mi
+  # networkPolicy:
+  #   enabled: true