Use stateful set and fix bugs

2023-11-24 10:30:18 -03:00 · 2023-11-24 10:30:18 -03:00 · 96c4fd0611
parent 5736188d4c
commit 96c4fd0611
10 changed files with 151 additions and 20 deletions
--- a/.gitignore
+++ b/.gitignore
@ -6,3 +6,4 @@ other
 *.tgz
 *.crt
 *.key
+secrets.yaml
--- a/README.md
+++ b/README.md
@ -68,6 +68,12 @@ El script `run.sh` automatiza el proceso de implementación para un entorno de `

   Verifica la existencia de un release de helm llamado "exam" y lo actualiza o instala según sea necesario.

+8. **Configuración de Secrets (opcional):**
+
+   Para no mantener los secretos en el SVC (si se utiliza uno), se pueden pasar a `helm` mediante un archivo `secrets.yaml` con la opción `-f`. Si existe `./helm/secrets.yaml` (en la carpeta `./helm`, es decir en la misma ubicación que `values.yaml`), se utilizarán estos valores; de lo contrario, se utilizarán los definidos en `values.yaml`. Estos valores sobrescribirán los existentes.
+
+   Cabe destacar que al crear `./helm/secrets.yaml`, el script `run.sh` lo detectará automáticamente y lo utilizará al ejecutar `helm`. Por lo tanto, no es necesario realizar acciones adicionales, ya que el script gestionará la detección y el paso de este archivo a `helm`.
+
 ### Uso

 ```bash
--- a/data/db/create.sql
+++ b/data/db/create.sql
@ -1,3 +1,21 @@
 CREATE DATABASE api_prod;
 CREATE DATABASE api_dev;
 CREATE DATABASE api_test;
+
+\c api_prod;
+
+CREATE TABLE IF NOT EXISTS users (
+  id SERIAL NOT NULL, 
+  username VARCHAR(128) NOT NULL, 
+  email VARCHAR(128) NOT NULL, 
+  password VARCHAR(255) NOT NULL, 
+  active BOOLEAN NOT NULL, 
+  created_date TIMESTAMP WITHOUT TIME ZONE NOT NULL, 
+  PRIMARY KEY (id)
+)
+
+CREATE TABLE IF NOT EXISTS zones (
+  id SERIAL PRIMARY KEY,
+  name VARCHAR(128) NOT NULL,
+  create_date TIMESTAMP DEFAULT CURRENT_TIMESTAMP NOT NULL
+);
--- a/data/sample-api-users/src/init.py
+++ b/data/sample-api-users/src/init.py
@ -33,6 +33,4 @@ def create_app(script_info=None):
    def ctx():
        return {"app": app, "db": db}

-    with app.app_context():
-        db.create_all()
-        return app
+    return app
--- a/helm/README.md
+++ b/helm/README.md
@ -136,3 +136,13 @@ Si se quiere actualizar los autogenerados por helm los pasos son:
 2) Hacer upgrade

 Note que si se hace un upgrade solo NO se regenerará el exam-crt. Esto es esperado ya que sino cada vez que modificamos algo se estará autogenerando un nuevo certificado!!
+
+
+---
+
+
+    # Race condition:
+    # https://www.postgresql.org/message-id/CA+TgmoZAdYVtwBfp1FL2sMZbiHCWT4UPrzRLNnX1Nb30Ku3-gg@mail.gmail.com
+    # with app.app_context():
+    #     db.create_all()
+    #     return app
--- a/helm/secrets.yaml
+++ b/helm/secrets.yaml
@ -1,4 +0,0 @@
-secrets:
-  username: "username"
-  password: "password1234"
-  database-url: "postgresql://username:password1234@exam-db/api_prod"
--- a/helm/templates/secrets.yaml
+++ b/helm/templates/secrets.yaml
@ -6,8 +6,7 @@ metadata:
  {{- include "exam.labels" . | nindent 4 }}
 data:
  {{- range $key, $val := .Values.secrets }}
-  {{- $envKey := $key }}
-  {{ $envKey }}: {{ required "$envKey" $val | b64enc | quote }}
+  {{ $key }}: {{ required "A value is required, configure .Values.secrets or create secrets.yaml" $val | b64enc | quote }}
  {{- end }}
 type: Opaque
 ---
--- a/helm/templates/stateful.yaml
+++ b/helm/templates/stateful.yaml
@ -0,0 +1,85 @@
+{{- range .Values.statefuls }}
+---
+apiVersion: apps/v1
+kind: StatefulSet
+metadata:
+  name: {{ include "exam.fullname" $ }}-{{ .name }}
+  labels:
+    app: {{ .name }}
+    {{- include "exam.labels" $ | nindent 4 }}
+spec:
+  serviceName: {{ include "exam.fullname" $ }}-{{ .name }}
+  replicas: 1
+  selector:
+    matchLabels:
+      app: {{ .name }}
+      tier: {{ .tier }}
+    {{- include "exam.selectorLabels" $ | nindent 6 }}
+  template:
+    metadata:
+      labels:
+        app: {{ .name }}
+        tier: {{ .tier }}
+      {{- include "exam.selectorLabels" $ | nindent 8 }}
+    spec:
+      terminationGracePeriodSeconds: {{ default "30" .grace }}
+      {{- if .initContainer }}
+      initContainers:
+        - name: {{ .name }}-init
+          {{- with .image }}
+          image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
+          {{- end }}
+          {{- with .initContainer }}
+            {{- toYaml . | nindent 10 }}
+          {{- end }}
+      {{- end }}
+      containers:
+        - name: {{ .name }}
+          {{- with .image }}
+          image: {{ .repository }}:{{ .tag | default $.Chart.AppVersion }}
+          {{- end }}
+          ports:
+            - name: {{ .name }}
+              containerPort: {{ .port }}
+          {{- if .env }}
+          env:
+            {{- with .env }}
+            {{- range $key, $val := . }}
+            {{- if ne "secrets" $key }}
+            {{- $envKey := $key | upper | replace "-" "_" }}
+            - name: {{ $envKey }}
+              value: {{ quote $val }}
+            {{- else }}
+            {{- range $key, $val := $val }}
+            {{- $envKey := $key | upper | replace "-" "_" }}
+            - name: {{ $envKey }}
+              valueFrom:
+                secretKeyRef:
+                  name: {{ include "exam.secrets" $ }}
+                  key: {{ $val }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+            {{- end }}
+          {{- end }}
+          resources: {}
+          livenessProbe:
+            exec:
+              {{- toYaml .probe | nindent 14 }}
+            initialDelaySeconds: 5
+          readinessProbe:
+            exec:
+              {{- toYaml .probe | nindent 14 }}
+            initialDelaySeconds: 5
+          {{- if .mountPath }}
+          volumeMounts:
+            - mountPath: {{ .mountPath }}
+              name: {{ .storage }}
+          {{- end }}
+      {{- if .mountPath }}
+      volumes:
+        - name: {{ .storage }}
+          persistentVolumeClaim:
+            claimName: {{ include "exam.pvclaim" $ }}
+      {{- end }}
+{{- end }}
--- a/helm/values.yaml
+++ b/helm/values.yaml
@ -51,11 +51,10 @@ services:
    tier: *dbTier
    port: *dbPort

-# secrets.yaml
 secrets:
-  username: "username"
-  password: "password1234"
-  database-url: "postgresql://username:password1234@exam-db/api_prod"
+  username: ""
+  password: ""
+  database-url: ""

 pv:
  class: local-storage
@ -78,7 +77,6 @@ deployments:
    replicas: 3
    initContainer:
      command: ['/bin/sh', '-c', 'until nc -z exam-db "${EXAM_DB_SERVICE_PORT-5432}"; do sleep 1; done;']
-      # cmd: ['sh', '-c', 'until pg_isready -U username -h exam-db -p 5432; do sleep 1; done']
  - client:
    name: *clientName
    tier: *clientTier
@ -86,9 +84,12 @@ deployments:
      repository: client
      tag: prod
    port: 80
+
+statefuls:
  - db:
    name: *dbName
    tier: *dbTier
+    grace: 60
    env:
      pgdata: /var/lib/postgresql/data/pgdata
      secrets:
--- a/run.sh
+++ b/run.sh
@ -10,14 +10,16 @@ postgres_version=
 enable_ssl=
 api_replicas=
 fluentd=false
+seed_db=false

-while getopts "ifhp:s:r:" arg; do
+while getopts "idfhp:s:r:" arg; do
    case $arg in
        i) interactive=true ;;
        p) postgres_version=${OPTARG} ;;
        s) enable_ssl=${OPTARG} ;;
        r) api_replicas=${OPTARG} ;;
        f) fluentd=true ;;
+        d) seed_db=true ;;
        *) usage ;;
    esac
 done
@ -36,6 +38,7 @@ if [ "$interactive" == true ]; then
    read -p "Do you want to enable SSL? [y/N]: " enable_ssl
    read -p "Enter the number of replicas for the API: " api_replicas
    read -p "Do you want to enable fluentd? [y/N]: " fluentd
+    read -p "Do you want to seed the database with some data? [y/N]: " seed_db
 fi

 if [ -n "$postgres_version" ]; then
@ -79,9 +82,23 @@ $START_MINIKUBE && minikube addons enable ingress

 helm dependency list helm | grep -q "missing" && helm dependency build helm

+VALUES=("-f" "helm/values.yaml")
+
 if [ "$fluentd" == true ] || [ "$fluentd" == "y" ] || [ "$fluentd" == "Y" ]; then
-    VALUES=("-f" "helm/values.yaml" "-f" "helm/fluentd.yaml")
+    VALUES+=("-f" "helm/fluentd.yaml")
+    [ -f 'helm/secrets.yaml' ] && VALUES+=("-f" "helm/secrets.yaml")
    helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam ${VALUES[@]} || helm install exam ./helm -n exam ${VALUES[@]}
 else
-    helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam || helm install exam ./helm -n exam
+    [ -f 'helm/secrets.yaml' ] && VALUES+=("-f" "helm/secrets.yaml")
+    helm status exam -n exam > /dev/null 2>&1 && helm upgrade exam ./helm -n exam ${VALUES[@]} || helm install exam ./helm -n exam ${VALUES[@]}
+fi
+
+if [ -n "$seed_db" ]; then
+    if [ "$seed_db" == true ] || [ "$seed_db" == "y" ] || [ "$seed_db" == "Y" ]; then
+        API_POD=$(kubectl get pods -n exam --selector=app=api --template '{{range .items}}{{.metadata.name}}{{break}}{{end}}')
+        [ -z "$API_POD" ] && exit 1
+        echo "Waiting for the API pod to start. Please be patient..."
+        kubectl -n exam wait pod/${API_POD} --for=condition=Ready --timeout=-1s
+        kubectl -n exam exec -it ${API_POD} -- python manage.py seed_db
+    fi
 fi