Move cluster secret and db deletion back to general role

hpi-schul-cloud · Apr 23, 2024 · f47476b · f47476b
1 parent d915653
commit f47476b
Show file tree

Hide file tree

Showing 10 changed files with 53 additions and 155 deletions.
diff --git a/ansible/roles/schulcloud-calendar-core/tasks/main.yml b/ansible/roles/schulcloud-calendar-core/tasks/main.yml
@@ -1,8 +1,33 @@
-  - name: Create database
-    include_tasks: postgres_management.yml
-    vars:
-      database_name: calendar
-    when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT is defined and WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+  - name: Check if secret with database credentials already exists
+    kubernetes.core.k8s_info:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      kind: Secret
+      name: "pg-calendar-secret"
+    register: db_secret_present
+    when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+
+  - name: Create Secret for the database (if not existing)
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: secret-database.yml.j2
+    when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT and db_secret_present.resources|length == 0
+
+  - name: Create ConfigMap with database configuration script
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config
+      namespace: "{{ NAMESPACE }}"
+      template: configmap-database-init.yml.j2
+      apply: yes
+    when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
+
+  - name: Create/execute database configuration script
+    kubernetes.core.k8s:
+      kubeconfig: ~/.kube/config 
+      namespace: "{{ NAMESPACE }}"
+      template: job-database-init.yml.j2
+    when: WITH_BRANCH_POSTGRES_DB_MANAGEMENT
 
   - name: Service
     kubernetes.core.k8s:

diff --git a/ansible/roles/schulcloud-calendar-core/tasks/postgres_management.yml b/ansible/roles/schulcloud-calendar-core/tasks/postgres_management.yml
diff --git a/...management/configmap-database-init.yml.j2 → .../templates/configmap-database-init.yml.j2 b/...management/configmap-database-init.yml.j2 → .../templates/configmap-database-init.yml.j2
@@ -1,10 +1,10 @@
 apiVersion: v1
 kind: ConfigMap
 metadata:
-  name: pg-{{ database_name }}-configmap-init
+  name: pg-calendar-configmap-init
   namespace: {{ NAMESPACE }}
   labels:
-    app: postgres
+    app: calendar-postgres-init
 data:
   config_script.sh: |
     #!/bin/bash

diff --git a/ansible/roles/schulcloud-calendar-core/templates/configmap.yml.j2 b/ansible/roles/schulcloud-calendar-core/templates/configmap.yml.j2
@@ -17,6 +17,6 @@ data:
   IS_MIGRATION: "{{ CAL_IS_MIGRATION }}"
 {% endif %}
 {% if WITH_BRANCH_POSTGRES_DB_MANAGEMENT is defined and WITH_BRANCH_POSTGRES_DB_MANAGEMENT|bool %}
-  DB_HOST: "{{ POSTGRES_HOST }}"
+  DB_HOST: "{{ POSTGRES_MANAGEMENT_HOST }}"
   DB_SSL: "true"
 {% endif %}
diff --git a/...tgres_management/job-database-init.yml.j2 → ...r-core/templates/job-database-init.yml.j2 b/...tgres_management/job-database-init.yml.j2 → ...r-core/templates/job-database-init.yml.j2
@@ -1,23 +1,23 @@
 apiVersion: batch/v1
 kind: Job
 metadata:
-  name: pg-{{ database_name }}-init-job-{{ 1000000 | random | hash('md5') }}
+  name: pg-calendar-init-job-{{ 1000000 | random | hash('md5') }}
   namespace: {{ NAMESPACE }}
 spec:
   template:
     metadata:
       labels:
-        app: postgres
+        app: calendar-postgres-init
     spec:
       volumes:
         - name: config-script
           configMap:
-            name: pg-{{ database_name }}-configmap-init
+            name: pg-calendar-configmap-init
             # 711 in decimal is 457
             defaultMode: 457
       containers:
-        - name:  psql-config
-          image: {{ POSTGRES_JOB_IMAGE }}
+        - name:  psql-calendar-config
+          image: {{ POSTGRES_MANAGEMENT_JOB_IMAGE }}
           command:
             - /bin/bash
             - -c
@@ -35,10 +35,10 @@ spec:
               mountPath: /scripts/
           envFrom:
             - secretRef:
-                name: pg-{{ database_name }}-secret
+                name: pg-calendar-secret
           env:
             - name: PGHOST
-              value: {{ POSTGRES_HOST }}
+              value: {{ POSTGRES_MANAGEMENT_HOST }}
             - name: PGUSER
               valueFrom:
                 secretKeyRef:
@@ -50,4 +50,4 @@ spec:
                   name: pg-cluster-secret
                   key: password
       restartPolicy: Never
-  ttlSecondsAfterFinished: 86400
+  ttlSecondsAfterFinished: 1800
diff --git a/...schulcloud-calendar-core/templates/postgres_management/configmap-database-deletion.yml.j2 b/...schulcloud-calendar-core/templates/postgres_management/configmap-database-deletion.yml.j2
diff --git a/...roles/schulcloud-calendar-core/templates/postgres_management/job-database-deletion.yml.j2 b/...roles/schulcloud-calendar-core/templates/postgres_management/job-database-deletion.yml.j2
diff --git a/...oles/schulcloud-calendar-core/templates/postgres_management/onepassword-pg-cluster.yml.j2 b/...oles/schulcloud-calendar-core/templates/postgres_management/onepassword-pg-cluster.yml.j2
diff --git a/ansible/roles/schulcloud-calendar-core/templates/postgres_management/secret-database.yml.j2 b/ansible/roles/schulcloud-calendar-core/templates/postgres_management/secret-database.yml.j2
diff --git a/ansible/roles/schulcloud-calendar-core/templates/secret-database.yml.j2 b/ansible/roles/schulcloud-calendar-core/templates/secret-database.yml.j2
@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: Secret
+metadata:
+  name: pg-calendar-secret
+  namespace: {{ NAMESPACE }}
+  labels:
+    app: calendar-postgres-init
+type: Opaque
+data:
+    DB_USER: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'calendar') | b64encode }}"
+    DB_USER_PASSWORD: "{{ lookup('ansible.builtin.password', '/dev/null') | b64encode }}"
+    DB_NAME: "{{ (POSTGRES_MANAGEMENT_PREFIX + 'calendar') | b64encode }}"