diff --git a/.github/environments/values.pr.yaml b/.github/environments/values.pr.yaml index 55dd5b49..299fe54c 100644 --- a/.github/environments/values.pr.yaml +++ b/.github/environments/values.pr.yaml @@ -3,40 +3,42 @@ features: basicAuth: true oidcAuth: true defaultBucket: false +# +# +# We don't deploy a postgrescluster for PR's +# postgres: +# enabled: true -postgres: - enabled: true +# # -------------------------------- +# # --------crunchydb config: ------ +# # -------------------------------- - # -------------------------------- - # --------crunchydb config: ------ - # -------------------------------- +# instances: +# - name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted +# replicas: 3 +# dataVolumeClaimSpec: +# accessModes: +# - "ReadWriteOnce" +# resources: +# requests: +# storage: .5Gi +# storageClassName: "netapp-block-standard" +# resources: +# requests: +# cpu: 50m +# memory: 128Mi +# limits: +# cpu: 100m +# memory: 256Mi +# sidecars: +# replicaCertCopy: +# resources: +# requests: +# cpu: 1m +# memory: 32Mi +# limits: +# cpu: 50m +# memory: 64Mi - instances: - - name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted - replicas: 3 - dataVolumeClaimSpec: - accessModes: - - "ReadWriteOnce" - resources: - requests: - storage: .5Gi - storageClassName: "netapp-block-standard" - resources: - requests: - cpu: 50m - memory: 128Mi - limits: - cpu: 100m - memory: 256Mi - sidecars: - replicaCertCopy: - resources: - requests: - cpu: 1m - memory: 32Mi - limits: - cpu: 50m - memory: 64Mi - - # -------- backups --------- - pgBackRestConfig: {} +# # -------- backups --------- +# pgBackRestConfig: {} diff --git a/.github/environments/values.test.yaml b/.github/environments/values.test.yaml index ea0cea23..e001d2d1 100644 --- a/.github/environments/values.test.yaml +++ b/.github/environments/values.test.yaml @@ -41,7 +41,7 @@ postgres: - "ReadWriteOnce" resources: requests: - storage: 1Gi + storage: 5Gi storageClassName: "netapp-block-standard" resources: requests: diff --git a/charts/NOTES.md b/charts/NOTES.md new file mode 100644 index 00000000..45e07000 --- /dev/null +++ b/charts/NOTES.md @@ -0,0 +1,31 @@ +# PostreSQL Deployment for the Common Object Management Service + +The `postgrescluster` [Helm Chart](https://github.com/bcgov/common-object-management-service/blob/master/charts/postgres/Chart.yaml) is a fork of the official [CrunchyData](https://access.crunchydata.com/documentation/postgres-operator/latest/installation/helm) Helm chart example [version: 5.6.0](https://github.com/CrunchyData/postgres-operator-examples/tree/main/helm/postgres). No changes have been made to the `postgres.yaml` PostgresCluster template or the `values.yaml` files. + +2 additional templates have been added to our copy of the repo, that should not need editing, whose values are passed in during deployment: + +- `pgbackrest-s3-secret.yaml` to store S3 credentials, should you enable postgres data backeups to S3 using pgBackrest +- `postgres-bootstrap-sql-configmap.yaml` a config map containing any psql commands you want to run when crunchyDB initializes (see `databaseInitSQL` value) + +Our pipeline installs the main `coms` Helm chart which has this `postgrescluster` Helm chart as a 'local' dependency. Note, we are using an alias of `postgres` for our postgrescluster chart. The values we pass to this postgrescluster Helm chart are provided in the `postgres` section of our main parent `coms` Helm chart. Our pipeline uses distinct sets of values for each deployment environment. We use this override methodology: + +- defaults exist in subchart postgres +- overrides that apply to all coms environments are defined in `charts/coms/values.yaml` file +overrides specific to a single environment are defined in `.github/environments/values..yaml` + +## Other Things to note + +- in COMS pipeline we pass this in Helm deploy command in github action (eg: `--set postgres. name=postgres-master`). This name is required in the postgres templates and becomes the `name` of the PostgresCluster object. + +- In our values we provide a `users` object to create a database and user that our COMS app will use. + +```yaml + users: + - name: app + databases: + - app +``` + +When crunchyDB is installed a secret is created called `postgres-master-pguser-app` that contains postgres credentials that must be referenced in our [COMS deployment template](https://github.com/bcgov/common-object-management-service/blob/921154defa5ba0baa35ed55a4d3436c456017701/charts/coms/templates/deploymentconfig.yaml#L5) + +- PR deployments of COMS deploy a dedicated instance of the COMS app in our DEV environment in OPenShift. To reduce server resources, instead of also deploying an extra instance of CrunchyDB, the GitHub action 'On PR Opened' creates a temporary database and user (both named, eg `pr-123`) in the `master` (main) DEV instance of Postgres, that will get dropped when the PR is merged. diff --git a/charts/coms/Chart.yaml b/charts/coms/Chart.yaml index 3d742782..8f5b631b 100644 --- a/charts/coms/Chart.yaml +++ b/charts/coms/Chart.yaml @@ -3,7 +3,7 @@ name: common-object-management-service # This is the chart version. This version number should be incremented each time you make changes # to the chart and its templates, including the app version. # Versions are expected to follow Semantic Versioning (https://semver.org/) -version: 1.1.7 +version: 2.0.0 kubeVersion: ">= 1.13.0" description: A microservice for managing access control to S3 Objects # A chart can be either an 'application' or a 'library' chart. @@ -28,7 +28,7 @@ sources: - https://github.com/bcgov/common-object-management-service dependencies: - name: postgrescluster - version: 1.1.7 + version: 2.0.0 repository: "file://../postgres" condition: postgres.enabled alias: postgres diff --git a/charts/coms/README.md b/charts/coms/README.md index 58816cf8..a13827df 100644 --- a/charts/coms/README.md +++ b/charts/coms/README.md @@ -1,6 +1,6 @@ # common-object-management-service -![Version: 0.0.22](https://img.shields.io/badge/Version-0.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square) +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square) A microservice for managing access control to S3 Objects @@ -22,7 +22,7 @@ Kubernetes: `>= 1.13.0` | Repository | Name | Version | |------------|------|---------| -| https://bcgov.github.io/nr-patroni-chart | patroni | ~0.0.4 | +| file://../postgres | postgres(postgrescluster) | 2.0.0 | ## Values @@ -55,12 +55,56 @@ Kubernetes: `>= 1.13.0` | networkPolicy.enabled | bool | `true` | Specifies whether a network policy should be created | | objectStorageSecretOverride.password | string | `nil` | Object storage password | | objectStorageSecretOverride.username | string | `nil` | Object storage username | -| postgres.enabled | bool | `false` | Controls whether to enable managing a Postgres db dependency as a part of the helm release | | podAnnotations | object | `{}` | Annotations for coms pods | | podSecurityContext | object | `{}` | Privilege and access control settings | +| postgres.databaseInitSQL.key | string | `"bootstrap.sql"` | | +| postgres.databaseInitSQL.name | string | `"bootstrap-sql"` | | +| postgres.databaseInitSQL.sql | string | `"\\c app;\nALTER DATABASE app OWNER TO app;\nALTER SCHEMA public OWNER TO app;\nREVOKE CREATE ON SCHEMA public FROM PUBLIC;\nCREATE SCHEMA invite;\nALTER SCHEMA invite OWNER TO app;\nCREATE SCHEMA audit;\nALTER SCHEMA audit OWNER TO app;\nCREATE SCHEMA queue;\nALTER SCHEMA queue OWNER TO app;\n"` | | +| postgres.enabled | bool | `true` | | +| postgres.instances[0].dataVolumeClaimSpec.accessModes[0] | string | `"ReadWriteOnce"` | | +| postgres.instances[0].dataVolumeClaimSpec.resources.requests.storage | string | `"1Gi"` | | +| postgres.instances[0].dataVolumeClaimSpec.storageClassName | string | `"netapp-block-standard"` | | +| postgres.instances[0].name | string | `"db"` | | +| postgres.instances[0].replicas | int | `2` | | +| postgres.instances[0].resources.limits.cpu | string | `"100m"` | | +| postgres.instances[0].resources.limits.memory | string | `"256Mi"` | | +| postgres.instances[0].resources.requests.cpu | string | `"50m"` | | +| postgres.instances[0].resources.requests.memory | string | `"128Mi"` | | +| postgres.instances[0].sidecars.replicaCertCopy.resources.limits.cpu | string | `"50m"` | | +| postgres.instances[0].sidecars.replicaCertCopy.resources.limits.memory | string | `"64Mi"` | | +| postgres.instances[0].sidecars.replicaCertCopy.resources.requests.cpu | string | `"1m"` | | +| postgres.instances[0].sidecars.replicaCertCopy.resources.requests.memory | string | `"32Mi"` | | +| postgres.monitoring | bool | `false` | | +| postgres.pgBackRestConfig.jobs.resources.limits.cpu | string | `"50m"` | | +| postgres.pgBackRestConfig.jobs.resources.limits.memory | string | `"128Mi"` | | +| postgres.pgBackRestConfig.jobs.resources.requests.cpu | string | `"10m"` | | +| postgres.pgBackRestConfig.jobs.resources.requests.memory | string | `"64Mi"` | | +| postgres.pgBackRestConfig.manual.options[0] | string | `"--type=full"` | | +| postgres.pgBackRestConfig.manual.repoName | string | `"repo1"` | | +| postgres.pgBackRestConfig.repoHost.resources.limits.cpu | string | `"50m"` | | +| postgres.pgBackRestConfig.repoHost.resources.limits.memory | string | `"256Mi"` | | +| postgres.pgBackRestConfig.repoHost.resources.requests.cpu | string | `"20m"` | | +| postgres.pgBackRestConfig.repoHost.resources.requests.memory | string | `"128Mi"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.limits.cpu | string | `"20m"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.limits.memory | string | `"64Mi"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.requests.cpu | string | `"5m"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.requests.memory | string | `"16Mi"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.limits.cpu | string | `"20m"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.limits.memory | string | `"64Mi"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.requests.cpu | string | `"5m"` | | +| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.requests.memory | string | `"32Mi"` | | +| postgres.pgBouncerConfig.config.global.client_tls_sslmode | string | `"disable"` | | +| postgres.pgBouncerConfig.replicas | int | `2` | | +| postgres.pgBouncerConfig.resources.limits.cpu | string | `"20m"` | | +| postgres.pgBouncerConfig.resources.limits.memory | string | `"64Mi"` | | +| postgres.pgBouncerConfig.resources.requests.cpu | string | `"5m"` | | +| postgres.pgBouncerConfig.resources.requests.memory | string | `"32Mi"` | | +| postgres.postgresVersion | int | `16` | ------------------------------ note: override methodology: - defaults exist in subchart postgres - overrides that apply to all coms environments are defined in this values.yaml file - overrides specific to a single environment are defined in values..yaml name of the cluster. in COMS pipeline we pass this in Helm deploy command in github action eg: --set postgres.name=postgres-master name: postgres-master | +| postgres.users[0].databases[0] | string | `"app"` | | +| postgres.users[0].name | string | `"app"` | | | replicaCount | int | `2` | | | resources.limits.cpu | string | `"200m"` | Limit Peak CPU (in millicores ex. 1000m) | -| resources.limits.memory | string | `"512Mi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) | +| resources.limits.memory | string | `"256Mi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) | | resources.requests.cpu | string | `"50m"` | Requested CPU (in millicores ex. 500m) | | resources.requests.memory | string | `"128Mi"` | Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi) | | route.annotations | object | `{}` | Annotations to add to the route | @@ -78,4 +122,4 @@ Kubernetes: `>= 1.13.0` | serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template | ---------------------------------------------- -An Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3) +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2) diff --git a/charts/coms/values.yaml b/charts/coms/values.yaml index c4fb3be4..2f7ac3d8 100644 --- a/charts/coms/values.yaml +++ b/charts/coms/values.yaml @@ -241,7 +241,9 @@ postgres: - name: app databases: - app - # databaseInitSQL references a ConfigMap that contains a SQL file that should be + # Custom SQL commands we want to run, that get added to a ConfigMap + # that crunchyDB references duriing intialization + # gives our app permissions on the schemas (also required to run our knex migrations) databaseInitSQL: name: bootstrap-sql key: bootstrap.sql diff --git a/charts/postgres/Chart.yaml b/charts/postgres/Chart.yaml index da764c61..1b3decf4 100644 --- a/charts/postgres/Chart.yaml +++ b/charts/postgres/Chart.yaml @@ -2,6 +2,7 @@ apiVersion: v2 name: postgrescluster description: A Helm chart for Kubernetes type: application -# The version below should match the version on the PostgresCluster CRD -version: 1.1.7 -appVersion: 5.6.0 +# postgrescluster Helm Chart version +version: 2.0.0 +# PostgresCluster CRD version +appVersion: 5.5.1 diff --git a/charts/postgres/README.md b/charts/postgres/README.md new file mode 100644 index 00000000..91455943 --- /dev/null +++ b/charts/postgres/README.md @@ -0,0 +1,14 @@ +# postgrescluster + +![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.5.1](https://img.shields.io/badge/AppVersion-5.5.1-informational?style=flat-square) + +A Helm chart for Kubernetes + +## Values + +| Key | Type | Default | Description | +|-----|------|---------|-------------| +| postgresVersion | int | `16` | | + +---------------------------------------------- +Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)