BC-7024-migration-to-ionos-postgres-dev (#160)
Add option for postgres management (branch specific database creation/deletion) to calendar role
YannickEvers authored Apr 25, 2024
1 parent 793d7bb commit 95f6132
Showing 8 changed files with 166 additions and 3 deletions.
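--- a/ansible/roles/schulcloud-calendar-core/tasks/main.yml
+++ b/ansible/roles/schulcloud-calendar-core/tasks/main.yml
@@ -1,3 +1,34 @@
+- name: Check if secret with database credentials already exists
+kubernetes.core.k8s_info:
+kubeconfig: ~/.kube/config
+namespace: "{{ NAMESPACE }}"
+kind: Secret
+name: "pg-calendar-secret"
+register: db_secret_present
+when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+
+- name: Create Secret for the database (if not existing)
+kubernetes.core.k8s:
+kubeconfig: ~/.kube/config
+namespace: "{{ NAMESPACE }}"
+template: secret-database.yml.j2
+when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT and db_secret_present.resources|length == 0
+
+- name: Create ConfigMap with database configuration script
+kubernetes.core.k8s:
+kubeconfig: ~/.kube/config
+namespace: "{{ NAMESPACE }}"
+template: configmap-database-init.yml.j2
+apply: yes
+when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+
+- name: Create/execute database configuration script
+kubernetes.core.k8s:
+kubeconfig: ~/.kube/config
+namespace: "{{ NAMESPACE }}"
+template: job-database-init.yml.j2
+when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+
 - name: Service
 kubernetes.core.k8s:
 kubeconfig: ~/.kube/config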
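Review bot: The two tasks that handle `pg-calendar-secret` (the `k8s_info` lookup registered as `db_secret_present` and the `k8s` task rendering `secret-database.yml.j2`) have no `no_log: true`, so the Secret's base64 data, including the freshly generated password, can appear in verbose or failure output of the play; add `no_log: true` to both. The new conditions use the bare variable (`when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT`), while the templates in this commit guard with `is defined and ...|bool`; if the variable can be undefined or a string, the tasks and templates will disagree, so `when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT | default(false) | bool` would keep them aligned. The Job task does not wait for completion, so later tasks presumably can start the calendar pod before the database exists; worth confirming.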
@@ -0,0 +1,19 @@
apiVersion: v1
kind: ConfigMap
metadata:
name: pg-calendar-configmap-init
namespace: {{ NAMESPACE }}
labels:
app: calendar-postgres-init
data:
config_script.sh: |
#!/bin/bash
echo "Create owner of the DB"
echo "SELECT 'CREATE USER $DB_USER' WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = '$DB_USER')\gexec" | psql -d postgres -w
echo "GRANT $DB_USER TO $PGUSER;" | psql -d postgres -w
echo "Set/update password for user $DB_USER"
echo "ALTER USER $DB_USER WITH ENCRYPTED PASSWORD '$DB_USER_PASSWORD';" | psql -d postgres -w
echo "Create database"
echo "SELECT 'CREATE DATABASE $DB_NAME OWNER $DB_USER' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '$DB_NAME')\gexec" | psql -d postgres -w
echo "Revoke permissions for public role"
echo "REVOKE ALL ON DATABASE $DB_NAME FROM PUBLIC;" | psql -d postgres -w
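Review bot: Every statement in `config_script.sh` splices `$DB_USER`, `$DB_NAME` and `$DB_USER_PASSWORD` into SQL text through the shell, so a quote or other metacharacter in any of them changes the statement that runs as the cluster admin role (`$PGUSER`); it only holds together because of what the Secret template happens to generate. Pass the values as psql variables and let psql and `format()` do the quoting (`:'var'` for literals, `:"var"` or `%I` for identifiers), as sketched below. The script also has no `set -e` and psql runs without `ON_ERROR_STOP`, so a failed statement still lets the Job finish as succeeded. Quoted identifiers preserve case, so confirm the prefix is lower-case before switching. `-v` puts the password into psql's argument list inside the job container, which `\getenv` avoids where the image ships psql 15 or newer.

```yaml
  config_script.sh: |
    #!/bin/bash
    set -euo pipefail
    # Values reach SQL as psql variables; quoting is done by psql/format(), not the shell.
    psql -d postgres -w -v ON_ERROR_STOP=1 \
      -v db_user="$DB_USER" -v db_password="$DB_USER_PASSWORD" \
      -v db_name="$DB_NAME" -v admin="$PGUSER" <<'SQL'
    SELECT format('CREATE USER %I', :'db_user')
      WHERE NOT EXISTS (SELECT FROM pg_user WHERE usename = :'db_user')\gexec
    GRANT :"db_user" TO :"admin";
    ALTER USER :"db_user" WITH ENCRYPTED PASSWORD :'db_password';
    SELECT format('CREATE DATABASE %I OWNER %I', :'db_name', :'db_user')
      WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = :'db_name')\gexec
    REVOKE ALL ON DATABASE :"db_name" FROM PUBLIC;
    SQL
```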
Expand Up @@ -16,3 +16,7 @@ data:
{% if CAL_IS_MIGRATION is defined %}
IS_MIGRATION: "{{ CAL_IS_MIGRATION }}"
{% endif %}
{% if WITH_BRANCH_POSTGRES_DB_MANAGEMENT is defined and WITH_BRANCH_POSTGRES_DB_MANAGEMENT|bool %}
DB_HOST: "{{ POSTGRES_MANAGEMENT_HOST }}"
DB_SSL: "true"
{% endif %}
Expand Up @@ -43,10 +43,21 @@ spec:
ports:
- containerPort: 3000
envFrom:
- secretRef:
name: calendar-secret
- configMapRef:
name: calendar-configmap
{% if WITH_BRANCH_POSTGRES_DB_MANAGEMENT is defined and WITH_BRANCH_POSTGRES_DB_MANAGEMENT|bool %}
- secretRef:
name: calendar-secret
name: pg-calendar-secret
env:
- name: DB_PASSWORD
value: "$(DB_USER_PASSWORD)"
- name: DB_USERNAME
value: "$(DB_USER)"
- name: DB_DATABASE
value: "$(DB_NAME)"
{% endif %}
livenessProbe:
failureThreshold: 3
httpGet:
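Review bot: The added `envFrom` entry imports every key of `pg-calendar-secret` into the calendar container, and the `env` block then re-exports three of them through `$(...)` expansion, so the password is present twice (`DB_USER_PASSWORD` and `DB_PASSWORD`) and any key later added to that Secret reaches the application automatically. Mapping only the needed keys is tighter and does not depend on expansion order, e.g. `- name: DB_PASSWORD` with `valueFrom: {secretKeyRef: {name: pg-calendar-secret, key: DB_USER_PASSWORD}}`, and likewise for `DB_USERNAME` and `DB_DATABASE`. The same pattern is added to the db-init job template in the last file section of this commit. The container spec starts and continues outside this hunk, and the page prints old and new lines together, so the final order of the `envFrom` entries should be checked in the file itself.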
@@ -0,0 +1,65 @@
apiVersion: batch/v1
kind: Job
metadata:
name: pg-calendar-init-job-{{ 1000000 | random | hash('md5') }}
namespace: {{ NAMESPACE }}
labels:
app: calendar-postgres-init
app.kubernetes.io/part-of: schulcloud-verbund
app.kubernetes.io/name: calendar-postgres-init
app.kubernetes.io/component: calendar
app.kubernetes.io/managed-by: ansible
git.repo: {{ SCHULCLOUD_CALENDAR_REPO_NAME }}
spec:
template:
metadata:
labels:
app: calendar-postgres-init
app.kubernetes.io/part-of: schulcloud-verbund
app.kubernetes.io/name: calendar-postgres-init
app.kubernetes.io/component: calendar
app.kubernetes.io/managed-by: ansible
git.repo: {{ SCHULCLOUD_CALENDAR_REPO_NAME }}
spec:
volumes:
- name: config-script
configMap:
name: pg-calendar-configmap-init
# 711 in decimal is 457
defaultMode: 457
containers:
- name: psql-calendar-config
image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }}
command:
- /bin/bash
- -c
args:
- /scripts/config_script.sh
resources:
limits:
cpu: 1000m
memory: 1Gi
requests:
cpu: 100m
memory: 200Mi
volumeMounts:
- name: config-script
mountPath: /scripts/
envFrom:
- secretRef:
name: pg-calendar-secret
env:
- name: PGHOST
value: {{ POSTGRES_MANAGEMENT_HOST }}
- name: PGUSER
valueFrom:
secretKeyRef:
name: pg-cluster-secret
key: username
- name: PGPASSWORD
valueFrom:
secretKeyRef:
name: pg-cluster-secret
key: password
restartPolicy: Never
ttlSecondsAfterFinished: 1800
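Review bot: The Job connects as the cluster admin role from `pg-cluster-secret` but sets only `PGHOST`, so libpq uses its default `sslmode` (`prefer`), which neither requires nor verifies TLS, even though the application ConfigMap in this commit sets `DB_SSL: "true"`. Add `- name: PGSSLMODE` with `value: "verify-full"` (or at least `"require"` if the image has no CA bundle for the server). The pod spec also has no `securityContext` and no `backoffLimit`, so the container runs as the image's default user and a failing script is retried with the admin credentials up to the default limit; `runAsNonRoot: true`, `allowPrivilegeEscalation: false` and an explicit `backoffLimit` are worth adding. If the container is moved to a non-root user, the mounted script must be readable as well as executable, which mode 0711 does not give to others; `defaultMode: 365` (0555) would. Unquoted template values such as `namespace: {{ NAMESPACE }}` and `value: {{ POSTGRES_MANAGEMENT_HOST }}` should be quoted so an empty or boolean-looking expansion cannot change the YAML type.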
@@ -0,0 +1,12 @@
apiVersion: v1
kind: Secret
metadata:
name: pg-calendar-secret
namespace: {{ NAMESPACE }}
labels:
app: calendar-postgres-init
type: Opaque
data:
DB_USER: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'calendar') | b64encode }}"
DB_USER_PASSWORD: "{{ lookup('ansible.builtin.password', '/dev/null') | b64encode }}"
DB_NAME: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'calendar') | b64encode }}"
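Review bot: `lookup('ansible.builtin.password', '/dev/null')` leaves the password's length and character set to the lookup's defaults, while the init script in this commit embeds that value inside a single-quoted SQL literal, so the two files are safe together only as long as those defaults never include a quote. Pin both explicitly, e.g. `lookup('ansible.builtin.password', '/dev/null length=32 chars=ascii_letters,digits')`. `DB_USER` and `DB_NAME` are built from `POSTGRES_MANAGEMENT_PREFIX`, which is presumably branch-derived; because the script uses them as unquoted SQL identifiers, the prefix should be validated (for example against `^[a-z][a-z0-9_]*$`) before this template is rendered. `namespace: {{ NAMESPACE }}` should be quoted like the three data values are.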
12 changes: 11 additions & 1 deletion ansible/roles/schulcloud-calendar-init/tasks/main.yml
Expand Up @@ -15,12 +15,22 @@
name: calendar-db-init-file
when: not WITH_CALENDAR_INIT

- name: Test if init job exists
kubernetes.core.k8s_info:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
api_version: batch/v1
kind: Job
name: calendar-db-init-job
register: calendar_init_job_present
when: WITH_CALENDAR_INIT

- name: Calendar db init job
kubernetes.core.k8s:
kubeconfig: ~/.kube/config
namespace: "{{ NAMESPACE }}"
template: job_init_db.yml.j2
when: WITH_CALENDAR_INIT
when: WITH_CALENDAR_INIT and calendar_init_job_present.resources|length == 0

- name: Calendar db init job
kubernetes.core.k8s:
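Review bot: The new condition `calendar_init_job_present.resources|length == 0` tests only that a Job named `calendar-db-init-job` exists, not that it succeeded, so a failed earlier run blocks initialisation until the Job is deleted by hand. If that is not intended, gate on the Job's status instead, for example skip only when `calendar_init_job_present.resources[0].status.succeeded | default(0) > 0`, and remove a failed Job before re-creating it. The task list continues outside this hunk (a second task also named `Calendar db init job` follows), so the interaction with that task should be checked in the full file.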
Expand Up @@ -11,10 +11,21 @@ spec:
- name: calendar-db-init
image: schulcloud/infra-tools:latest
envFrom:
- secretRef:
name: calendar-secret
- configMapRef:
name: calendar-configmap
{% if WITH_BRANCH_POSTGRES_DB_MANAGEMENT is defined and WITH_BRANCH_POSTGRES_DB_MANAGEMENT|bool %}
- secretRef:
name: calendar-secret
name: pg-calendar-secret
env:
- name: DB_PASSWORD
value: "$(DB_USER_PASSWORD)"
- name: DB_USERNAME
value: "$(DB_USER)"
- name: DB_DATABASE
value: "$(DB_NAME)"
{% endif %}
volumeMounts:
- name: script
mountPath: /update.sh
