feat: adds template to determine database and keycloak secret name
ahennr committed Apr 30, 2024
1 parent 9e933be commit b451b36
Showing 11 changed files with 86 additions and 20 deletions.
2 changes: 2 additions & 0 deletions charts/shogun/Chart.yaml
@@ -35,6 +35,8 @@ dependencies:
version: "*"
repository: "file://../mapfish-print"
condition: mapfish-print.enabled
- name: shogun-common
version: "*"
# Disabled for now
# - name: gnos
# version: "0.1.0"
4 changes: 2 additions & 2 deletions charts/shogun/charts/shogun-boot/README.md
@@ -44,9 +44,9 @@ This table lists all required secrets for the chart. Please note that currently

| Internal environment variable name | Description | Secret name | Secret key |
|------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|------------|
| `DB_USER` | The database user (see `postgres.host`). | `postgres-credentials` | `username` |
| `DB_USER` | The database user (see `postgres.user`). | `postgres-credentials` | `username` |
| `DB_PASSWORD` | The password for the database user. | `postgres-credentials` | `password` |
| `KEYCLOAK_USER` | The name of a Keycloak user (inside the `keycloak.masterRealm`) that has granted some asorted realm management roles (currently `query_users` and `view_users` are required). This user is needed for getting some user details like the username on-the-fly and doesn't require any write priviliges. | `keycloak-credentials` | `username` |
| `KEYCLOAK_PASSWORD` | The password of the Keycloak user. | `keycloak-credentials` | `password` |
| `MAIL_USER` | The name of the mail user (only needed if `mail.enabled`). | `mail-credentials` | `username` |
| `MAIL_PASSWORD` | The password of the mail user (only needed if `mail.enabled`). | `mail-credentials` | `password` |
| `MAIL_PASSWORD` | The password of the mail user (only needed if `mail.enabled`). | `mail-credentials` | `password` |
6 changes: 3 additions & 3 deletions charts/shogun/charts/shogun-boot/templates/configmap.yaml
@@ -8,8 +8,8 @@ data:
init-sh: |-
#!/bin/sh
export PGPASSWORD=${DB_PASSWORD}
echo "SELECT 'CREATE DATABASE {{ .Values.postgres.databasename }}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '{{ .Values.postgres.databasename }}')\gexec" | psql -h {{ .Values.postgres.host }} -U ${DB_USER}
psql -h {{ .Values.postgres.host }} -U ${DB_USER} {{ .Values.postgres.databasename }} -c 'CREATE EXTENSION IF NOT EXISTS postgis;'
echo "SELECT 'CREATE DATABASE {{ .Values.postgres.databasename }}' WHERE NOT EXISTS (SELECT FROM pg_database WHERE datname = '{{ .Values.postgres.databasename }}')\gexec" | psql -h {{ include "shogun-common.database.host" . }} -U ${DB_USER}
psql -h {{ include "shogun-common.database.host" . }} -U ${DB_USER} {{ .Values.postgres.databasename }} -c 'CREATE EXTENSION IF NOT EXISTS postgis;'
application-config: |-
server:
port: 8080
@@ -88,7 +88,7 @@ data:
outOfOrder: false
datasource:
platform: postgres
url: jdbc:postgresql://{{ .Values.postgres.host }}/{{ .Values.postgres.databasename }}?currentSchema={{ .Values.postgres.schema }}
url: jdbc:postgresql://{{ include "shogun-common.database.host" . }}/{{ .Values.postgres.databasename }}?currentSchema={{ .Values.postgres.schema }}
username: ${DB_USER}
password: ${DB_PASSWORD}
session:
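Review bot: The rewritten `init-sh` lines still splice template output into a shell command and a SQL statement without quoting or validation: the result of `shogun-common.database.host` and `.Values.postgres.databasename` are both inserted verbatim. A database name containing a hyphen, space or quote would break the `CREATE DATABASE` statement or change what the script executes, so the render should reject such values, e.g. `{{- if not (regexMatch "^[a-z_][a-z0-9_]*$" .Values.postgres.databasename) }}{{ fail "invalid postgres.databasename" }}{{ end }}`, and the host should be passed as `-h {{ include "shogun-common.database.host" . | quote }}`. The JDBC URL in the second hunk takes the same host but omits `.Values.postgres.port`, which the `pg_isready` init container in statefulset.yaml does use, so a non-default port is only honoured by the readiness check. The `data:` block starts outside these hunks.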
14 changes: 7 additions & 7 deletions charts/shogun/charts/shogun-boot/templates/statefulset.yaml
@@ -33,7 +33,7 @@ spec:
- name: check-db-ready
image: {{ .Values.postgresInitImage }}
command: ['sh', '-c',
'until pg_isready -h {{ .Values.postgres.host }} -p {{ .Values.postgres.port }};
'until pg_isready -h {{ include "shogun-common.database.host" . }} -p {{ .Values.postgres.port }};
do echo waiting for database; sleep 2; done;']
- name: check-db
image: {{ .Values.postgresInitImage }}
@@ -47,8 +47,8 @@ spec:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.credentialsSecret }}
key: {{ .Values.postgres.credentialsSecretKeyPassword }}
name: {{ include "shogun-common.database.shogun.credentialsSecret" . }}
key: {{ include "shogun-common.database.shogun.credentialsSecretKeyPassword" . }}
containers:
- name: {{ .Chart.Name }}
securityContext:
@@ -61,15 +61,15 @@ spec:
- name: DB_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.postgres.credentialsSecret }}
key: {{ .Values.postgres.credentialsSecretKeyPassword }}
name: {{ include "shogun-common.database.shogun.credentialsSecret" . }}
key: {{ include "shogun-common.database.shogun.credentialsSecretKeyPassword" . }}
- name: KEYCLOAK_USER
value: {{ .Values.keycloak.userName }}
- name: KEYCLOAK_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.keycloak.passwordSecret }}
key: admin-password
name: {{ include "shogun-common.keycloak.credentialsSecret" . }}
key: {{ include "shogun-common.keycloak.credentialsSecretKeyPassword" . }}
{{- if .Values.mail.enabled }}
- name: MAIL_USER
valueFrom:
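Review bot: With the new helpers the `KEYCLOAK_PASSWORD` reference defaults to secret `<release>-keycloak` and key `admin-password`, while `KEYCLOAK_USER` is still `.Values.keycloak.userName` (shown as `admin` in this chart's values.yaml), so the application container appears to run with the Keycloak administrator credential. The chart's README says this account only needs `query_users` and `view_users`; defaulting to a dedicated low-privilege user's secret would keep a compromise of this pod from becoming a compromise of the whole Keycloak instance. The README table touched in this commit also still lists `postgres-credentials`/`password` and `keycloak-credentials`/`password`, which no longer match what these `secretKeyRef`s resolve to by default. Consider `name: {{ include "shogun-common.keycloak.credentialsSecret" . | quote }}` (and likewise for each `key:`) so an override that looks like a number or boolean still renders as a string. The container specs continue outside these hunks.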
4 changes: 0 additions & 4 deletions charts/shogun/charts/shogun-boot/values.yaml
@@ -93,13 +93,10 @@ affinity: {}
postgresInitImage: docker.terrestris.de/postgis/postgis:16-3.4-alpine

postgres:
host: postgis.default.svc.cluster.local
port: 5432
databasename: shogun
schema: shogun
username: shogun
credentialsSecret: postgres-credentials
credentialsSecretKeyPassword: password

keycloak:
url: https://example.com/auth
@@ -108,7 +105,6 @@ keycloak:
masterRealm: master
adminClientId: admin-cli
userName: admin
passwordSecret: shogun-keycloak

shogun:
additionalJavaArgs: -Xms512m -Xmx512m -Djdk.serialSetFilterAfterRead=true -Dspring.config.location=/config/application.yml -Dlog4j2.configurationFile=file:/config/log4j2.yml
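--- a/charts/shogun/charts/shogun-common/.helmignore
+++ b/charts/shogun/charts/shogun-common/.helmignore
@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/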
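--- a/charts/shogun/charts/shogun-common/Chart.yaml
+++ b/charts/shogun/charts/shogun-common/Chart.yaml
@@ -0,0 +1,6 @@
+apiVersion: v2
+name: shogun-common
+description: Common utils for SHOGun helm
+type: library
+version: 0.0.1
+appVersion: 0.0.1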
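--- a/charts/shogun/charts/shogun-common/templates/_db.tpl
+++ b/charts/shogun/charts/shogun-common/templates/_db.tpl
@@ -0,0 +1,17 @@
+{{/*
+Create the name of the database host to use
+*/}}
+{{- define "shogun-common.database.host" -}}
+{{- $name := default "postgis" .Values.postgres.host }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "shogun-common.database.shogun.credentialsSecret" -}}
+{{- $name := default "postgis-shogun-credentials" .Values.postgres.credentialsSecret }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "shogun-common.database.shogun.credentialsSecretKeyPassword" -}}
+{{- $name := default "shogun-password" .Values.postgres.credentialsSecretKeyPassword }}
+{{- printf "%s" $name }}
+{{- end }}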
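Review bot: `shogun-common.database.host` and `shogun-common.database.shogun.credentialsSecret` prepend `.Release.Name` even when the operator sets `postgres.host` or `postgres.credentialsSecret`, so an explicitly configured external host or existing secret name is rewritten to `<release>-<value>` and cut at 63 characters. The workload would then connect to a different host, or reference a different secret, than the one configured. The prefix and `trunc 63` should apply only to the built-in default and an override should be used verbatim, as sketched below for the host helper. The same pattern appears in `shogun-common.keycloak.credentialsSecret` and `shogun-common.keycloak.postgis.credentialsSecret` in `_keycloak.tpl`. Only the first helper has a `{{/* … */}}` comment; the other two should say which values key they read and what they fall back to.

```gotemplate
{{- define "shogun-common.database.host" -}}
{{- if .Values.postgres.host }}
{{- .Values.postgres.host }}
{{- else }}
{{- printf "%s-postgis" .Release.Name | trunc 63 | trimSuffix "-" }}
{{- end }}
{{- end }}
```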
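--- a/charts/shogun/charts/shogun-common/templates/_keycloak.tpl
+++ b/charts/shogun/charts/shogun-common/templates/_keycloak.tpl
@@ -0,0 +1,19 @@
+{{- define "shogun-common.keycloak.credentialsSecret" -}}
+{{- $name := default "keycloak" .Values.keycloak.passwordSecret }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "shogun-common.keycloak.credentialsSecretKeyPassword" -}}
+{{- $name := default "admin-password" .Values.keycloak.secretKeyPassword }}
+{{- printf "%s" $name }}
+{{- end }}
+
+{{- define "shogun-common.keycloak.postgis.credentialsSecret" -}}
+{{- $name := default "postgis-keycloak-credentials" .Values.keycloak.externalDatabase.existingSecret }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{- define "shogun-common.keycloak.postgis.credentialsSecretKeyPassword" -}}
+{{- $name := default "custom-user-password" .Values.keycloak.externalDatabase.existingSecretPasswordKey }}
+{{- printf "%s" $name }}
+{{- end }}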
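Review bot: The two `postgis` helpers dereference `.Values.keycloak.externalDatabase.existingSecret` and `.existingSecretPasswordKey` directly, which fails the render with a nil-pointer error in any chart scope whose `keycloak` values have no `externalDatabase` map; the `keycloak:` block visible in shogun-boot's values.yaml on this page shows none, though that hunk is partial. `default` cannot catch this because the error is raised before it runs, so a nil-safe lookup such as `{{- $name := dig "externalDatabase" "existingSecret" "postgis-keycloak-credentials" (.Values.keycloak | default dict) }}` would keep the fallback reachable. None of the four helpers carries a `{{/* … */}}` comment; each should name the values key it reads and its default, in particular that `shogun-common.keycloak.credentialsSecretKeyPassword` falls back to `admin-password`.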
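--- a/charts/shogun/charts/shogun-common/values.yaml
+++ b/charts/shogun/charts/shogun-common/values.yaml
@@ -0,0 +1,3 @@
+# Default values for shogun-common.
+# This is a YAML-formatted file.
+# Declare variables to be passed into your templates.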
8 changes: 4 additions & 4 deletions charts/shogun/values.yaml
@@ -40,9 +40,9 @@ shogun-boot:
# hosts:
# - shogun.local
postgres:
host: shogun-postgis.default.svc.cluster.local
credentialsSecret: shogun-postgis-shogun-credentials
credentialsSecretKeyPassword: shogun-password
host:
credentialsSecret:
credentialsSecretKeyPassword:
keycloak:
host: shogun-keycloak.default.svc.cluster.local

@@ -129,7 +129,7 @@ keycloak:
host: shogun-postgis.default.svc.cluster.local
user: keycloak
database: keycloak
existingSecret: shogun-postgis-keycloak-credentials
existingSecret: test-shogun-postgis-keycloak-credentials
existingSecretPasswordKey: custom-user-password

mapfish-print:
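Review bot: `existingSecret: test-shogun-postgis-keycloak-credentials` in the second hunk hard-codes what looks like a release name (`test`) into the default values, so with any other release name Keycloak's external-database secret reference would presumably point at a secret that does not exist, or at one owned by another release in the same namespace. Values files cannot be templated, so either put a comment above the key stating that it must equal `<release>-shogun-postgis-keycloak-credentials`, or leave it unset and have the consuming template derive it through `shogun-common.keycloak.postgis.credentialsSecret`. In the first hunk the bare `host:`, `credentialsSecret:` and `credentialsSecretKeyPassword:` keys are nulls kept only to trigger the helper defaults; a comment such as `# leave unset to use <release>-postgis` (or dropping the keys) would make that intent visible. Both mappings start outside the hunks.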
