diff --git a/.github/workflows/push-to-develop.yml b/.github/workflows/push-to-develop.yml index 524123f8..9159c0b1 100644 --- a/.github/workflows/push-to-develop.yml +++ b/.github/workflows/push-to-develop.yml @@ -50,13 +50,25 @@ jobs: mkdir ~/.kube && echo "${{ secrets.KUBECONFIG }}" > ~/.kube/config + - name: Update Helm dependencys + run: helm dependency update ./infrastructure/iris-gateway + - name: Run helm deployment run: > helm upgrade --install --namespace iris-gateway --set environment=test --set locations.tag="${{ github.sha }}" + --set postgresqlha.postgresql.repmgrPassword="${{ secrets.REPMGR_PASSWORD }}" + --set postgresqlha.pgpool.adminPassword="${{ secrets.PGPOOL_ADMIN_PASSWORD }}" + --set postgresqlha.postgresql.password="${{ secrets.POSTGRESQL_PASSWORD }}" + --set postgresqlha.pgpool.customUsers.passwords="${{ secrets.POSTGRESQL_PASSWORD }}" --wait --timeout 3m --debug iris-gateway ./infrastructure/iris-gateway + + - name: Delete downloaded helm charts + if: ${{ always() }} + run: > + rm -rf iris-gateway/infrastructure/iris-gateway/charts diff --git a/.gitignore b/.gitignore index b748346e..7a416202 100644 --- a/.gitignore +++ b/.gitignore @@ -78,3 +78,4 @@ hs_err_pid* # Generated files iris-client-eps/settings/test/ +infrastructure/iris-gateway/charts/ diff --git a/infrastructure/iris-gateway/Chart.lock b/infrastructure/iris-gateway/Chart.lock new file mode 100644 index 00000000..14eb2a4f --- /dev/null +++ b/infrastructure/iris-gateway/Chart.lock @@ -0,0 +1,6 @@ +dependencies: +- name: postgresql-ha + repository: https://charts.bitnami.com/bitnami + version: 7.7.1 +digest: sha256:7b987866748032feb90cda931d61e75d2b6bcb50b04dc16841f9dce12e1be990 +generated: "2021-07-09T13:35:14.152429082+02:00" diff --git a/infrastructure/iris-gateway/Chart.yaml b/infrastructure/iris-gateway/Chart.yaml index 01fc02ba..8dc01e9f 100644 --- a/infrastructure/iris-gateway/Chart.yaml +++ b/infrastructure/iris-gateway/Chart.yaml 
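Review bot: The four added `--set postgresqlha…="${{ secrets.… }}"` flags sit in a `helm upgrade` command that still ends with `--debug`, so the deploy log is likely to carry the database passwords in derived form. With `--debug` Helm prints the supplied values and the rendered manifests, and the `templates/locations/secret.yaml` added in this commit renders the password base64-encoded; log masking matches the literal secret value, not its base64 form. I would drop `--debug` from this step. Passing the secrets through the step's `env:` and referencing them as shell variables would also keep quotes or `$` inside a password from being interpreted by the shell. Separately, the cleanup step removes `iris-gateway/infrastructure/iris-gateway/charts`, which does not match the `./infrastructure/iris-gateway` path used by both helm steps, so it probably deletes nothing; `rm -rf ./infrastructure/iris-gateway/charts` looks like the intended path.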
@@ -2,3 +2,8 @@ apiVersion: v2 name: iris-gateway type: application version: 0.1.0 +dependencies: + - name: postgresql-ha + version: 7.7.1 + repository: https://charts.bitnami.com/bitnami + alias: postgresqlha diff --git a/infrastructure/iris-gateway/readme.md b/infrastructure/iris-gateway/readme.md index 20f855b1..2e23e2a9 100644 --- a/infrastructure/iris-gateway/readme.md +++ b/infrastructure/iris-gateway/readme.md @@ -37,7 +37,7 @@ prod.iris-gateway.de | 193.28.249.53 TOKEN=$(kubectl -n iris-gateway get secret $SECRET_NAME -o json | jq -r '.data.token' | base64 -d) echo $TOKEN ``` -1. add token to kubeconfig, add as secret to GitHub repo, as `KUBECONFIG` +1. add token to kubeconfig, add as secret to GitHub repo, as `KUBECONFIG` to the specific _environment_ (`test` or `production`) ```yaml apiVersion: v1 @@ -59,19 +59,6 @@ to the specific _environment_ (`test` or `production`) user: token: ``` -1. create secret `iris-gateway-locations-postgres` manually in `iris-gateway` - ```yaml - apiVersion: v1 - kind: Secret - type: Opaque - metadata: - name: iris-gateway-locations-postgres - namespace: iris-gateway - data: - POSTGRES_HOST: aXJpcy1nYXRld2F5LWxvY2F0aW9ucy1wb3N0Z3Jlcw== # iris-gateway-locations-postgres - POSTGRES_PASSWORD: ... # b64 encoded - POSTGRES_USER: ... # b64 encoded - ``` 1. create secret `iris-gateway-tls` manually in `iris-gateway` ```yaml apiVersion: v1 diff --git a/infrastructure/iris-gateway/templates/locations-postgres-backup/configmap.yaml b/infrastructure/iris-gateway/templates/locations-postgres-backup/configmap.yaml index c8d3aeec..6ca46022 100644 --- a/infrastructure/iris-gateway/templates/locations-postgres-backup/configmap.yaml +++ b/infrastructure/iris-gateway/templates/locations-postgres-backup/configmap.yaml 
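Review bot: The new `postgresql-ha` dependency is pinned to `7.7.1` and a Chart.lock is committed, but the workflow step added in this commit runs `helm dependency update`, which re-resolves from `https://charts.bitnami.com/bitnami` and rewrites the lock instead of installing from it. In CI, `run: helm dependency build ./infrastructure/iris-gateway` would fetch what the committed Chart.lock records and fail when the lock and Chart.yaml disagree. Nothing in the visible hunks verifies the downloaded chart archive, so it is worth checking whether a provenance check or a vendored copy is feasible for a chart that provisions the database.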
@@ -10,7 +10,7 @@ data: # reference: https://simplebackups.io/blog/the-ultimate-postgresql-database-backup-script/ DIR=$(date +%d-%m-%y) - DEST="{{ .Values.postgres.backupDir }}/${DIR}" + DEST="{{ .Values.postgresqlha.postgresql.backupDir }}/${DIR}" mkdir -p "${DEST}" echo 'backup starting' diff --git a/infrastructure/iris-gateway/templates/locations-postgres-backup/cronjob.yaml b/infrastructure/iris-gateway/templates/locations-postgres-backup/cronjob.yaml index eb033216..b50fe937 100644 --- a/infrastructure/iris-gateway/templates/locations-postgres-backup/cronjob.yaml +++ b/infrastructure/iris-gateway/templates/locations-postgres-backup/cronjob.yaml @@ -27,7 +27,7 @@ spec: - secretRef: name: {{ include "iris-gateway.locations-postgres" . }} volumeMounts: - - mountPath: {{ .Values.postgres.backupDir }} + - mountPath: {{ .Values.postgresqlha.postgresql.backupDir }} name: persistent-storage - mountPath: /scripts name: scripts diff --git a/infrastructure/iris-gateway/templates/locations-postgres/deployment.yaml b/infrastructure/iris-gateway/templates/locations-postgres/deployment.yaml deleted file mode 100644 index 943ca436..00000000 --- a/infrastructure/iris-gateway/templates/locations-postgres/deployment.yaml +++ /dev/null 
@@ -1,39 +0,0 @@ -apiVersion: apps/v1 -kind: Deployment -metadata: - name: {{ include "iris-gateway.locations-postgres" . }} - labels: - {{- include "iris-gateway.locations-postgres-labels" . | nindent 4 }} -spec: - replicas: 1 - selector: - matchLabels: - {{- include "iris-gateway.locations-postgres-labels" . | nindent 6 }} - template: - metadata: - labels: - {{- include "iris-gateway.locations-postgres-labels" . | nindent 8 }} - spec: - containers: - - name: postgres - image: postgres - imagePullPolicy: {{ include "iris-gateway.pullPolicy" . }} - ports: - - name: tcp - containerPort: {{ .Values.postgres.port }} - protocol: TCP - env: - - name: POSTGRES_DB - value: {{ .Values.postgres.dbName }} - - name: PGDATA - value: {{ .Values.postgres.storageDir }} - envFrom: - - secretRef: - name: {{ include "iris-gateway.locations-postgres" . }} - volumeMounts: - - mountPath: {{ .Values.postgres.storageDir }} - name: persistent-storage - volumes: - - name: persistent-storage - persistentVolumeClaim: - claimName: {{ include "iris-gateway.locations-postgres" . }} diff --git a/infrastructure/iris-gateway/templates/locations-postgres/service.yaml b/infrastructure/iris-gateway/templates/locations-postgres/service.yaml deleted file mode 100644 index ecd36f1a..00000000 --- a/infrastructure/iris-gateway/templates/locations-postgres/service.yaml +++ /dev/null @@ -1,14 +0,0 @@ -apiVersion: v1 -kind: Service -metadata: - name: {{ include "iris-gateway.locations-postgres" . }} - labels: - {{- include "iris-gateway.locations-postgres-labels" . | nindent 4 }} -spec: - ports: - - port: {{ .Values.postgres.port }} - targetPort: tcp - protocol: TCP - name: tcp - selector: - {{- include "iris-gateway.locations-postgres-labels" . | nindent 4 }} diff --git a/infrastructure/iris-gateway/templates/locations/deployment.yaml b/infrastructure/iris-gateway/templates/locations/deployment.yaml index 5218f1bc..28334faf 100644 --- a/infrastructure/iris-gateway/templates/locations/deployment.yaml 
+++ b/infrastructure/iris-gateway/templates/locations/deployment.yaml @@ -22,7 +22,7 @@ spec: - name: SPRING_PROFILES_ACTIVE value: postgres - name: POSTGRES_DATABASE - value: {{ .Values.postgres.dbName }} + value: {{ .Values.postgresqlha.postgresql.database }} envFrom: - secretRef: name: {{ include "iris-gateway.locations-postgres" . }} diff --git a/infrastructure/iris-gateway/templates/locations/secret.yaml b/infrastructure/iris-gateway/templates/locations/secret.yaml new file mode 100644 index 00000000..e3aa516f --- /dev/null +++ b/infrastructure/iris-gateway/templates/locations/secret.yaml @@ -0,0 +1,9 @@ +apiVersion: v1 +metadata: + name: {{ include "iris-gateway.locations-postgres" . }} +kind: Secret +type: Opaque +data: + POSTGRES_HOST: {{ printf "%s-postgresqlha-pgpool" .Release.Name | b64enc | quote }} + POSTGRES_PASSWORD: {{ .Values.postgresqlha.pgpool.customUsers.passwords | b64enc | quote }} + POSTGRES_USER: {{ .Values.postgresqlha.pgpool.customUsers.usernames | b64enc | quote }} diff --git a/infrastructure/iris-gateway/values.yaml b/infrastructure/iris-gateway/values.yaml index fcd633a3..4d014475 100644 --- a/infrastructure/iris-gateway/values.yaml +++ b/infrastructure/iris-gateway/values.yaml 
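Review bot: In the new `templates/locations/secret.yaml`, `POSTGRES_PASSWORD` is rendered from `.Values.postgresqlha.pgpool.customUsers.passwords` with no check that a real value was supplied, and the values.yaml hunk in this commit defaults that key and `postgresqlha.postgresql.password` to the literal string `undefined`. Any install that omits the `--set` overrides would render and deploy with `undefined` as the database password instead of failing. Defaulting both keys to `""` in values.yaml and writing `POSTGRES_PASSWORD: {{ required "postgresqlha.pgpool.customUsers.passwords must be set" .Values.postgresqlha.pgpool.customUsers.passwords | b64enc | quote }}` here makes the render stop early. How the subchart treats an empty password is not visible in this diff and should be confirmed before changing the default.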
@@ -73,3 +73,46 @@ publicProxyEps: domains: test: test.iris-gateway.de production: iris-gateway.de + +postgresqlha: + clusterDomain: cluster.local + serviceAccount: + enabled: true + postgresql: + backupDir: /backups + database: locations + username: locations + password: undefined #will be set by cli + replicaCount: 3 + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi + pgpool: + #customUsersSecret: iris-gateway-locations-postgres + customUsers: + usernames: locations + passwords: undefined ## will be set by cli + volumePermissions: + enabled: true + resources: {} + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + metrics: + enabled: true + resources: {} + # limits: + # cpu: 250m + # memory: 256Mi + # requests: + # cpu: 250m + # memory: 256Mi + # networkPolicy: + # enabled: true
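Review bot: The `networkPolicy` block at the end of the new `postgresqlha` values is left commented out, so unless policies are defined elsewhere in the chart or cluster, the pgpool and PostgreSQL pods presumably accept connections from any pod that can reach them. Enabling the commented `networkPolicy: enabled: true`, or adding a comment that says why it is off, would make that exposure explicit. The same applies to `metrics.enabled: true`, which adds another endpoint, and to the three `resources: {}` entries that leave the database pods without requests or limits. The commented `#customUsersSecret: iris-gateway-locations-postgres` suggests the credentials could come from an existing Secret instead of Helm values; a short comment on why that path was not taken would help the next reader.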