diff --git a/maestro/server/Makefile b/maestro/server/Makefile index 4e0263ebf..913738b75 100644 --- a/maestro/server/Makefile +++ b/maestro/server/Makefile @@ -10,9 +10,11 @@ deploy: EVENTGRID_HOSTNAME=$(shell az resource show -n ${EVENTGRID_NAME} -g ${REGION_RG} --resource-type "Microsoft.EventGrid/namespaces" --query properties.topicSpacesConfiguration.hostname -o tsv) && \ TENANT_ID=$(shell az account show --query tenantId --output tsv) && \ MAESTRO_MI_CLIENT_ID=$(shell az identity show -g "${SVC_RG}" -n maestro-server --query clientId -o tsv) && \ - DATABASE_HOST=$(shell az postgres flexible-server show -g ${SVC_RG} -n ${DATABASE_NAME} --query fullyQualifiedDomainName -o tsv) && \ + DATABASE_HOST=$$(if [ "${USE_AZURE_DB}" = "true" ]; then az postgres flexible-server show -g ${SVC_RG} -n ${DATABASE_NAME} --query fullyQualifiedDomainName -o tsv; else echo "maestro-db"; fi) && \ + OVERRIDES=$$(if [ "${USE_AZURE_DB}" = "true" ]; then echo "azuredb.values.yaml"; else echo "containerdb.values.yaml"; fi) && \ helm upgrade --install maestro-server ./helm \ --namespace maestro \ + -f helm/$${OVERRIDES} \ --set broker.host=$${EVENTGRID_HOSTNAME} \ --set credsKeyVault.name=${KEYVAULT_NAME} \ --set credsKeyVault.secret=${MQTT_CLIENT_NAME} \ @@ -21,8 +23,5 @@ deploy: --set istio.restrictIngress=${ISTIO_RESTRICT_INGRESS} \ --set image.base=${IMAGE_BASE} \ --set image.tag=${IMAGE_TAG} \ - --set database.containerizedDb=${USE_CONTAINERIZED_DB} \ - --set database.ssl='${USE_DATABASE_SSL}' \ - $(if $(filter false,$(USE_CONTAINERIZED_DB)),--set database.host=$${DATABASE_HOST}) \ - --set database.authMethod='${DATABASE_AUTH_METHOD}' + --set database.host=$${DATABASE_HOST} .PHONY: deploy diff --git a/maestro/server/config.tmpl.mk b/maestro/server/config.tmpl.mk index eb316373f..fa3b10c13 100644 --- a/maestro/server/config.tmpl.mk +++ b/maestro/server/config.tmpl.mk @@ -4,10 +4,8 @@ AKS_NAME ?= {{ .aksName }} SVC_RG ?= {{ .svc.rg }} IMAGE_BASE ?= {{ .maestro.imageBase }} IMAGE_TAG ?= {{ .maestro.imageTag }} -USE_CONTAINERIZED_DB ?= {{ not .maestro.postgres.deploy }} -USE_DATABASE_SSL ?= {{ ternary "require" "disable" .maestro.postgres.deploy }} +USE_AZURE_DB ?= {{ .maestro.postgres.deploy }} DATABASE_NAME ?= {{ .maestro.postgres.name }} -DATABASE_AUTH_METHOD ?= {{ ternary "az-entra" "password" .maestro.postgres.deploy }} ISTIO_RESTRICT_INGRESS ?= {{ .maestro.restrictIstioIngress }} KEYVAULT_NAME ?= {{ .serviceKeyVault.name }} MQTT_CLIENT_NAME ?= {{ .maestro.serverMqttClientName }} diff --git a/maestro/server/helm/azuredb.values.yaml b/maestro/server/helm/azuredb.values.yaml new file mode 100644 index 000000000..b972f8750 --- /dev/null +++ b/maestro/server/helm/azuredb.values.yaml @@ -0,0 +1,4 @@ +database: + containerizedDb: false + ssl: require + authMethod: az-entra diff --git a/maestro/server/helm/containerdb.values.yaml b/maestro/server/helm/containerdb.values.yaml new file mode 100644 index 000000000..7079babc2 --- /dev/null +++ b/maestro/server/helm/containerdb.values.yaml @@ -0,0 +1,7 @@ +database: + containerizedDb: true + ssl: disable + authMethod: password + password: "TheBlurstOfTimes" + containerizedDbImage: docker.io/library/postgres:14.2 + containerizedDbPvcCapacity: 512Mi diff --git a/maestro/server/helm/values.yaml b/maestro/server/helm/values.yaml index 95cd06fda..e8d1ec861 100644 --- a/maestro/server/helm/values.yaml +++ b/maestro/server/helm/values.yaml @@ -11,17 +11,17 @@ broker: port: 8883 database: containerizedDb: false - containerizedDbImage: docker.io/library/postgres:14.2 - containerizedDbPvcCapacity: 512Mi - host: "maestro-db" + containerizedDbImage: "" + containerizedDbPvcCapacity: "" + host: "" port: 5432 name: "maestro" user: "maestro-server" - password: "TheBlurstOfTimes" - ssl: "require" + password: "" + ssl: "" maxOpenConnections: 50 debug: false - authMethod: "password" + authMethod: "" maestro: serviceAccount: maestro httpReadTimeout: 60s