diff --git a/.gitignore b/.gitignore index b56cc9a..c0a7e37 100644 --- a/.gitignore +++ b/.gitignore @@ -5,4 +5,5 @@ consignas.txt other *.tgz *.crt -*.key \ No newline at end of file +*.key +secrets.yaml \ No newline at end of file diff --git a/README.md b/README.md index 9b475b6..cd406e6 100644 --- a/README.md +++ b/README.md @@ -68,6 +68,12 @@ El script `run.sh` automatiza el proceso de implementación para un entorno de ` Verifica la existencia de un release de helm llamado "exam" y lo actualiza o instala según sea necesario. +8. **Configuración de Secrets (opcional):** + + Para no mantener los secretos en el SVC (si se utiliza uno), se pueden pasar a `helm` mediante un archivo `secrets.yaml` con la opción `-f`. Si existe `./helm/secrets.yaml` (en la carpeta `./helm`, es decir en la misma ubicación que `values.yaml`), se utilizarán estos valores; de lo contrario, se utilizarán los definidos en `values.yaml`. Estos valores sobrescribirán los existentes. + + Cabe destacar que al crear `./helm/secrets.yaml`, el script `run.sh` lo detectará automáticamente y lo utilizará al ejecutar `helm`. Por lo tanto, no es necesario realizar acciones adicionales, ya que el script gestionará la detección y el paso de este archivo a `helm`. + ### Uso ```bash diff --git a/data/db/create.sql b/data/db/create.sql index 44a51ca..8344e94 100644 --- a/data/db/create.sql +++ b/data/db/create.sql @@ -1,3 +1,21 @@ CREATE DATABASE api_prod; CREATE DATABASE api_dev; -CREATE DATABASE api_test; \ No newline at end of file +CREATE DATABASE api_test; + +\c api_prod; + +CREATE TABLE IF NOT EXISTS users ( + id SERIAL NOT NULL, + username VARCHAR(128) NOT NULL, + email VARCHAR(128) NOT NULL, + password VARCHAR(255) NOT NULL, + active BOOLEAN NOT NULL, + created_date TIMESTAMP WITHOUT TIME ZONE NOT NULL, + PRIMARY KEY (id) +) + +CREATE TABLE IF NOT EXISTS zones ( + id SERIAL PRIMARY KEY, + name VARCHAR(128) NOT NULL, + create_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL +); 
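Review bot: The new `secrets.yaml` entry in `.gitignore` has no path, so it matches a file of that name in every directory, including `helm/templates/secrets.yaml`, which this same commit edits. That template stays tracked because it is already in the index, but a newly added file with the same name anywhere else in the tree would be ignored silently. Anchoring the entry to the one file that holds credentials avoids this: `/helm/secrets.yaml`.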
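Review bot: The `CREATE TABLE IF NOT EXISTS users (...)` statement added to `data/db/create.sql` closes with `)` and no semicolon, so it runs into the following `CREATE TABLE IF NOT EXISTS zones` and the two fail to parse as one statement; the closing line should read `);`. The tables are also created only after `\c api_prod;`, so `api_dev` and `api_test` stay empty, and the same commit removes `db.create_all()` from `create_app`, which presumably used to fill that gap. If the other databases need the schema, repeat the definitions after a `\c` to each of them. The `password VARCHAR(255)` column deserves a comment stating that it holds a password hash, if that is what the application writes; the diff does not show it.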
diff --git a/data/sample-api-users/src/__init__.py b/data/sample-api-users/src/__init__.py index b8714f6..32deb4b 100644 --- a/data/sample-api-users/src/__init__.py +++ b/data/sample-api-users/src/__init__.py @@ -33,6 +33,4 @@ def create_app(script_info=None): def ctx(): return {"app": app, "db": db} - with app.app_context(): - db.create_all() - return app + return app diff --git a/helm/README.md b/helm/README.md index 4acfa98..0959921 100644 --- a/helm/README.md +++ b/helm/README.md @@ -135,4 +135,14 @@ Si se quiere actualizar los autogenerados por helm los pasos son: 1) Borrar `exam-crt` 2) Hacer upgrade -Note que si se hace un upgrade solo NO se regenerará el exam-crt. Esto es esperado ya que sino cada vez que modificamos algo se estará autogenerando un nuevo certificado!! \ No newline at end of file +Note que si se hace un upgrade solo NO se regenerará el exam-crt. Esto es esperado ya que sino cada vez que modificamos algo se estará autogenerando un nuevo certificado!! + + +--- + + + # Race condition: + # https://www.postgresql.org/message-id/CA+TgmoZAdYVtwBfp1FL2sMZbiHCWT4UPrzRLNnX1Nb30Ku3-gg@mail.gmail.com + # with app.app_context(): + # db.create_all() + # return app diff --git a/helm/secrets.yaml b/helm/secrets.yaml deleted file mode 100644 index 4112218..0000000 --- a/helm/secrets.yaml +++ /dev/null @@ -1,4 +0,0 @@ -secrets: - username: "username" - password: "password1234" - database-url: "postgresql://username:password1234@exam-db/api_prod" diff --git a/helm/templates/secrets.yaml b/helm/templates/secrets.yaml index cf3fcc6..0e880f7 100644 --- a/helm/templates/secrets.yaml +++ b/helm/templates/secrets.yaml 
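Review bot: Nothing at the removal site in `create_app` says why `db.create_all()` is gone; the explanation exists only as a commented-out block appended to `helm/README.md` in this commit, headed "Race condition". A short comment above the new `return app` would keep the reason next to the code, for example `# Schema comes from data/db/create.sql; db.create_all() raced when several API replicas started at once.` (the race is inferred from that README block and the `replicas: 3` visible in `helm/values.yaml`). With the call removed, the models and `create.sql` have to be kept in step by hand. `create_app` begins above this hunk, so the rest of its body is not visible here.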
@@ -6,8 +6,7 @@ metadata: {{- include "exam.labels" . | nindent 4 }} data: {{- range $key, $val := .Values.secrets }} - {{- $envKey := $key }} - {{ $envKey }}: {{ required "$envKey" $val | b64enc | quote }} + {{ $key }}: {{ required "A value is required, configure .Values.secrets or create secrets.yaml" $val | b64enc | quote }} {{- end }} type: Opaque --- diff --git a/helm/templates/stateful.yaml b/helm/templates/stateful.yaml new file mode 100644 index 0000000..e5f1370 --- /dev/null +++ b/helm/templates/stateful.yaml 
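Review bot: The new `required` message inside the `range` over `.Values.secrets` is identical for every key, so a failed render does not say which secret is empty. Building the message from the key fixes that: `{{ $key }}: {{ required (printf "secrets.%s is empty; set it in values.yaml or helm/secrets.yaml" $key) $val | b64enc | quote }}`. `b64enc` accepts only strings, so an unquoted all-digit password in `secrets.yaml` would likely fail the render with a type error; `$val | toString | b64enc` covers that case.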
@@ -0,0 +1,85 @@ +{{- range .Values.statefuls }} +--- +apiVersion: apps/v1 +kind: StatefulSet +metadata: + name: {{ include "exam.fullname" $ }}-{{ .name }} + labels: + app: {{ .name }} + {{- include "exam.labels" $ | nindent 4 }} +spec: + serviceName: {{ include "exam.fullname" $ }}-{{ .name }} + replicas: 1 + selector: + matchLabels: + app: {{ .name }} + tier: {{ .tier }} + {{- include "exam.selectorLabels" $ | nindent 6 }} + template: + metadata: + labels: + app: {{ .name }} + tier: {{ .tier }} + {{- include "exam.selectorLabels" $ | nindent 8 }} + spec: + terminationGracePeriodSeconds: {{ default "30" .grace }} + {{- if .initContainer }} + initContainers: + - name: {{ .name }}-init + {{- with .image }} + image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }} + {{- end }} + {{- with .initContainer }} + {{- toYaml . | nindent 10 }} + {{- end }} + {{- end }} + containers: + - name: {{ .name }} + {{- with .image }} + image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }} + {{- end }} + ports: + - name: {{ .name }} + containerPort: {{ .port }} + {{- if .env }} + env: + {{- with .env }} + {{- range $key, $val := . 
}} + {{- if ne "secrets" $key }} + {{- $envKey := $key | upper | replace "-" "_" }} + - name: {{ $envKey }} + value: {{ quote $val }} + {{- else }} + {{- range $key, $val := $val }} + {{- $envKey := $key | upper | replace "-" "_" }} + - name: {{ $envKey }} + valueFrom: + secretKeyRef: + name: {{ include "exam.secrets" $ }} + key: {{ $val }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + {{- end }} + resources: {} + livenessProbe: + exec: + {{- toYaml .probe | nindent 14 }} + initialDelaySeconds: 5 + readinessProbe: + exec: + {{- toYaml .probe | nindent 14 }} + initialDelaySeconds: 5 + {{- if .mountPath }} + volumeMounts: + - mountPath: {{ .mountPath }} + name: {{ .storage }} + {{- end }} + {{- if .mountPath }} + volumes: + - name: {{ .storage }} + persistentVolumeClaim: + claimName: {{ include "exam.pvclaim" $ }} + {{- end }} +{{- end }} \ No newline at end of file diff --git a/helm/values.yaml b/helm/values.yaml index 4ef9e66..3ce85ef 100644 --- a/helm/values.yaml +++ b/helm/values.yaml @@ -51,11 +51,10 @@ services: tier: *dbTier port: *dbPort -# secrets.yaml secrets: - username: "username" - password: "password1234" - database-url: "postgresql://username:password1234@exam-db/api_prod" + username: "" + password: "" + database-url: "" pv: class: local-storage @@ -78,7 +77,6 @@ deployments: replicas: 3 initContainer: command: ['/bin/sh', '-c', 'until nc -z exam-db "${EXAM_DB_SERVICE_PORT-5432}"; do sleep 1; done;'] - # cmd: ['sh', '-c', 'until pg_isready -U username -h exam-db -p 5432; do sleep 1; done'] - client: name: *clientName tier: *clientTier @@ -86,9 +84,12 @@ deployments: repository: client tag: prod port: 80 + +statefuls: - db: name: *dbName tier: *dbTier + grace: 60 env: pgdata: /var/lib/postgresql/data/pgdata secrets: diff --git a/run.sh b/run.sh index d409ddd..22d5e23 100755 --- a/run.sh +++ b/run.sh 
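Review bot: Both probes in the new `helm/templates/stateful.yaml` render `.probe` unconditionally, so a `statefuls` entry without a `probe` key yields `exec:` with a null body and the StatefulSet would likely be rejected. `initContainer`, `env` and `mountPath` are all guarded but `probe` is not, so wrapping the `livenessProbe` and `readinessProbe` blocks in `{{- if .probe }}` … `{{- end }}` would make it consistent with them. The container is also rendered with `resources: {}` and no `securityContext`, which for the database pod means no CPU or memory bound and whatever user the image defaults to; reading both from the values entry (for example via `toYaml .resources`) would let them be set per workload. Whether the `db` entry in `values.yaml` defines `probe` is not visible in this diff.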
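Review bot: Blanking `username`, `password` and `database-url` under `secrets:` removes the values from the working tree only. `password1234` and the matching connection string stay readable in the repository history, both here and in the deleted `helm/secrets.yaml`. If those credentials were ever used outside a throwaway local cluster, they should be changed rather than carried over into the new git-ignored file. The hunk also drops the `# secrets.yaml` comment without a replacement, so a reader of `values.yaml` gets no hint where real values go; a line such as `# Leave empty; put real values in helm/secrets.yaml (git-ignored, picked up by run.sh)` above `secrets:` would say so. `database-url` repeats the username and password, so all three have to be edited together.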
@@ -10,14 +10,16 @@ postgres_version= enable_ssl= api_replicas= fluentd=false +seed_db=false -while getopts "ifhp:s:r:" arg; do +while getopts "idfhp:s:r:" arg; do case $arg in i) interactive=true ;; p) postgres_version=${OPTARG} ;; s) enable_ssl=${OPTARG} ;; r) api_replicas=${OPTARG} ;; f) fluentd=true ;; + d) seed_db=true ;; *) usage ;; esac done @@ -36,6 +38,7 @@ if [ "$interactive" == true ]; then read -p "Do you want to enable SSL? [y/N]: " enable_ssl read -p "Enter the number of replicas for the API: " api_replicas read -p "Do you want to enable fluentd? [y/N]: " fluentd + read -p "Do you want to seed the database with some data? [y/N]: " seed_db fi if [ -n "$postgres_version" ]; then 
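Review bot: The new `-d` option is added to the `getopts` string and to the `case`, but no hunk in this commit touches `usage` or the README's usage section, so the flag is presumably undocumented for anyone who triggers the help output. Adding a line to the help text, for example `-d  seed the database after deploy (runs manage.py seed_db in an API pod)`, would close that. `seed_db` can end up holding `true`, `false`, or whatever the interactive prompt returns, so a one-line comment next to `seed_db=false` listing the accepted values (`true`, `y`, `Y`) would help as well.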
@@ -79,9 +82,23 @@ $START_MINIKUBE && minikube addons enable ingress helm dependency list helm | grep -q "missing" && helm dependency build helm +VALUES=("-f" "helm/values.yaml") + if [ "$fluentd" == true ] || [ "$fluentd" == "y" ] || [ "$fluentd" == "Y" ]; then - VALUES=("-f" "helm/values.yaml" "-f" "helm/fluentd.yaml") + VALUES+=("-f" "helm/fluentd.yaml") + [ -f 'helm/secrets.yaml' ] && VALUES+=("-f" "helm/secrets.yaml") helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam ${VALUES[@]} || helm install exam ./helm -n exam ${VALUES[@]} else - helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam || helm install exam ./helm -n exam + [ -f 'helm/secrets.yaml' ] && VALUES+=("-f" "helm/secrets.yaml") + helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam ${VALUES[@]} || helm install exam ./helm -n exam ${VALUES[@]} +fi + +if [ -n "$seed_db" ]; then + if [ "$seed_db" == true ] || [ "$seed_db" == "y" ] || [ "$seed_db" == "Y" ]; then + API_POD=$(kubectl get pods -n exam --selector=app=api --template '{{range .items}}{{.metadata.name}}{{break}}{{end}}') + [ -z "$API_POD" ] && exit 1 + echo "Waiting for the API pod to start. Please be patient..." + kubectl -n exam wait pod/${API_POD} --for=condition=Ready --timeout=-1s + kubectl -n exam exec -it ${API_POD} -- python manage.py seed_db + fi fi \ No newline at end of file
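Review bot: Both branches still chain `helm status … && helm upgrade … || helm install …`, so a failing `helm upgrade` falls through to `helm install` against an existing release, and the real error is followed by a misleading one. The new `required` check for empty secrets is one way to hit this. Since `VALUES` is now built incrementally, the `[ -f 'helm/secrets.yaml' ] && VALUES+=("-f" "helm/secrets.yaml")` test can move below the `fi`, and the two identical helm lines collapse into one: `helm upgrade --install exam ./helm -n exam "${VALUES[@]}"`, with the array quoted so its elements are not re-split. In the seed block, `--timeout=-1s` effectively removes the timeout from `kubectl wait`, so a pod that never becomes Ready stalls the script. The first pod returned by the `app=api` selector may also be one that is terminating during an upgrade; a finite timeout and waiting on the selector rather than on a single pod name would be more robust.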