Document Helm chart use in our COMS pipeline
TimCsaky committed Oct 31, 2024
2 parents 921154d + 2b0ba05 commit e26ff32
Showing 9 changed files with 156 additions and 46 deletions.
70 changes: 36 additions & 34 deletions .github/environments/values.pr.yaml
@@ -3,40 +3,42 @@ features:
basicAuth: true
oidcAuth: true
defaultBucket: false
#
#
# We don't deploy a postgrescluster for PR's
# postgres:
# enabled: true

postgres:
enabled: true
# # --------------------------------
# # --------crunchydb config: ------
# # --------------------------------

# --------------------------------
# --------crunchydb config: ------
# --------------------------------
# instances:
# - name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted
# replicas: 3
# dataVolumeClaimSpec:
# accessModes:
# - "ReadWriteOnce"
# resources:
# requests:
# storage: .5Gi
# storageClassName: "netapp-block-standard"
# resources:
# requests:
# cpu: 50m
# memory: 128Mi
# limits:
# cpu: 100m
# memory: 256Mi
# sidecars:
# replicaCertCopy:
# resources:
# requests:
# cpu: 1m
# memory: 32Mi
# limits:
# cpu: 50m
# memory: 64Mi

instances:
- name: db # do not change this name after initial install, pvc (data) and stateful sets will be deleted
replicas: 3
dataVolumeClaimSpec:
accessModes:
- "ReadWriteOnce"
resources:
requests:
storage: .5Gi
storageClassName: "netapp-block-standard"
resources:
requests:
cpu: 50m
memory: 128Mi
limits:
cpu: 100m
memory: 256Mi
sidecars:
replicaCertCopy:
resources:
requests:
cpu: 1m
memory: 32Mi
limits:
cpu: 50m
memory: 64Mi

# -------- backups ---------
pgBackRestConfig: {}
# # -------- backups ---------
# pgBackRestConfig: {}
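Review bot: commenting out the whole `postgres:` block in values.pr.yaml does not turn the subchart off. The parent chart's default is `postgres.enabled: true` (see the regenerated `charts/coms/README.md` values table in this same commit) and the dependency is gated on `condition: postgres.enabled`, so with no `postgres.enabled` key in this file the PR release will still deploy a full CrunchyDB cluster unless the GitHub action overrides it with `--set postgres.enabled=false`, which this diff does not show. Rather than relying on the pipeline, make the intent explicit and self-documenting in the file:

  postgres:
    enabled: false

That also keeps the `# We don't deploy a postgrescluster for PR's` comment attached to a live key instead of a commented-out one.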
8 changes: 8 additions & 0 deletions .github/environments/values.prod.yaml
@@ -131,6 +131,14 @@ postgres:
bucket: csstops
endpoint: https://nrs.objectstore.gov.bc.ca
region: us-east-1
# -- restore from backup
# ref: https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/disaster-recovery#perform-an-in-place-point-in-time-recovery-pitr
restore:
enabled: false
repoName: repo1 # eg `repo1` (pvc) or `repo2` (s3)
options:
- --type=time
- --target="2024-10-28 14:15:11-04"

# -------- monitoring ---------
monitoring: true
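Review bot: the `--target="2024-10-28 14:15:11-04"` option commits a literal point-in-time recovery target into the production values file. The moment someone flips `enabled: true` without editing that line, pgBackRest will roll the live cluster back to 28 October regardless of when the incident actually happened, and an in-place `--type=time` restore is destructive to whatever was written after the target. Replace the literal with an obviously invalid placeholder (for example `- --target="<SET ME BEFORE ENABLING>"`) and add a comment pointing at the full trigger procedure from the linked CrunchyData disaster-recovery page, so that the review of any future "enable restore" PR is forced to look at the target value.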
@@ -41,7 +41,7 @@ postgres:
- "ReadWriteOnce"
resources:
requests:
storage: 1Gi
storage: 5Gi
storageClassName: "netapp-block-standard"
resources:
requests:
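Review bot: raising `storage` from `1Gi` to `5Gi` only changes the request on the existing PVC; the resize takes effect on a running cluster only if `netapp-block-standard` allows volume expansion, and the instance comment in the PR values file warns that renaming the instance deletes its PVC, so recreating it is not an option either. Confirm that the storage class supports expansion in TEST, and if it does not, say in the commit message that the new size applies to fresh installs only so nobody assumes the running database has 5Gi.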
@@ -132,3 +132,11 @@ postgres:
bucket: csstops
endpoint: https://nrs.objectstore.gov.bc.ca
region: us-east-1
# -- restore from backup
# ref: https://access.crunchydata.com/documentation/postgres-operator/latest/tutorials/backups-disaster-recovery/disaster-recovery#perform-an-in-place-point-in-time-recovery-pitr
restore:
enabled: false
repoName: repo1 # eg `repo1` (pvc) or `repo2` (s3)
options:
- --type=time
- --target="2024-10-28 14:15:11-04"
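Review bot: this restore block is byte-for-byte the one added to values.prod.yaml, including the literal `--target="2024-10-28 14:15:11-04"`, which will be stale by the time anyone sets `enabled: true`. Since TEST is the environment where a point-in-time recovery should be rehearsed before it is ever attempted in PROD, use a clearly invalid placeholder for the target here too, and record the exercised procedure (how the restore is triggered, how completion is verified, how `enabled` is reset to `false` afterwards) in `charts/NOTES.md` alongside the new backup notes.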
31 changes: 31 additions & 0 deletions charts/NOTES.md
@@ -0,0 +1,31 @@
# PostreSQL Deployment for the Common Object Management Service

The `postgrescluster` [Helm Chart](https://github.com/bcgov/common-object-management-service/blob/master/charts/postgres/Chart.yaml) is a fork of the official [CrunchyData](https://access.crunchydata.com/documentation/postgres-operator/latest/installation/helm) Helm chart example [version: 5.6.0](https://github.com/CrunchyData/postgres-operator-examples/tree/main/helm/postgres). No changes have been made to the `postgres.yaml` PostgresCluster template or the `values.yaml` files.

2 additional templates have been added to our copy of the repo, that should not need editing, whose values are passed in during deployment:

- `pgbackrest-s3-secret.yaml` to store S3 credentials, should you enable postgres data backeups to S3 using pgBackrest
- `postgres-bootstrap-sql-configmap.yaml` a config map containing any psql commands you want to run when crunchyDB initializes (see `databaseInitSQL` value)

Our pipeline installs the main `coms` Helm chart which has this `postgrescluster` Helm chart as a 'local' dependency. Note, we are using an alias of `postgres` for our postgrescluster chart. The values we pass to this postgrescluster Helm chart are provided in the `postgres` section of our main parent `coms` Helm chart. Our pipeline uses distinct sets of values for each deployment environment. We use this override methodology:

- defaults exist in subchart postgres
- overrides that apply to all coms environments are defined in `charts/coms/values.yaml` file
overrides specific to a single environment are defined in `.github/environments/values.<environment>.yaml`

## Other Things to note

- in COMS pipeline we pass this in Helm deploy command in github action (eg: `--set postgres. name=postgres-master`). This name is required in the postgres templates and becomes the `name` of the PostgresCluster object.

- In our values we provide a `users` object to create a database and user that our COMS app will use.

```yaml
users:
- name: app
databases:
- app
```
When crunchyDB is installed a secret is created called `postgres-master-pguser-app` that contains postgres credentials that must be referenced in our [COMS deployment template](https://github.com/bcgov/common-object-management-service/blob/921154defa5ba0baa35ed55a4d3436c456017701/charts/coms/templates/deploymentconfig.yaml#L5)

- PR deployments of COMS deploy a dedicated instance of the COMS app in our DEV environment in OPenShift. To reduce server resources, instead of also deploying an extra instance of CrunchyDB, the GitHub action 'On PR Opened' creates a temporary database and user (both named, eg `pr-123`) in the `master` (main) DEV instance of Postgres, that will get dropped when the PR is merged.
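Review bot: the new NOTES.md has a handful of problems that will mislead the next person who follows it. First, it states the chart is a fork of CrunchyData example version 5.6.0, but `charts/postgres/Chart.yaml` in this same commit moves `appVersion` from 5.6.0 to 5.5.1; one of the two is wrong and they need to agree. Second, the override-methodology list is missing its third bullet marker, so "overrides specific to a single environment are defined in `.github/environments/values.<environment>.yaml`" renders as a run-on of the previous item. Third, the example flag `--set postgres. name=postgres-master` has a stray space before `name`; copy-pasting it fails. Fourth, spelling: "PostreSQL", "backeups", "OPenShift". Finally, since the `postgres-master-pguser-app` secret holds the application's live database credentials, the section about PR deployments would benefit from one sentence confirming that the temporary `pr-123` user is granted only its own `pr-123` database in the shared DEV cluster, so a reviewer of a PR workflow change knows what the expected privilege boundary is.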
4 changes: 2 additions & 2 deletions charts/coms/Chart.yaml
@@ -3,7 +3,7 @@ name: common-object-management-service
# This is the chart version. This version number should be incremented each time you make changes
# to the chart and its templates, including the app version.
# Versions are expected to follow Semantic Versioning (https://semver.org/)
version: 1.1.7
version: 2.0.0
kubeVersion: ">= 1.13.0"
description: A microservice for managing access control to S3 Objects
# A chart can be either an 'application' or a 'library' chart.
@@ -28,7 +28,7 @@ sources:
- https://github.com/bcgov/common-object-management-service
dependencies:
- name: postgrescluster
version: 1.1.7
version: 2.0.0
repository: "file://../postgres"
condition: postgres.enabled
alias: postgres
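Review bot: the dependency is now pinned to exactly `version: 2.0.0` from a `file://../postgres` repository, so if a `Chart.lock` is committed for the `coms` chart it must be regenerated (`helm dependency update charts/coms`) in the same change, and that file is not part of this diff; an out-of-date lock makes `helm dependency build` refuse to run. Also worth a line in the commit message: the parent chart and the subchart now share the version string `2.0.0`, which couples their release numbering; if that is deliberate, say so, otherwise a range such as `~2.0.0` avoids having to bump the parent every time the subchart changes.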
@@ -1,6 +1,6 @@
# common-object-management-service

![Version: 0.0.22](https://img.shields.io/badge/Version-0.0.22-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square)
![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 0.8.0](https://img.shields.io/badge/AppVersion-0.8.0-informational?style=flat-square)

A microservice for managing access control to S3 Objects

@@ -22,7 +22,7 @@ Kubernetes: `>= 1.13.0`

| Repository | Name | Version |
|------------|------|---------|
| https://bcgov.github.io/nr-patroni-chart | patroni | ~0.0.4 |
| file://../postgres | postgres(postgrescluster) | 2.0.0 |

## Values

@@ -55,12 +55,56 @@ Kubernetes: `>= 1.13.0`
| networkPolicy.enabled | bool | `true` | Specifies whether a network policy should be created |
| objectStorageSecretOverride.password | string | `nil` | Object storage password |
| objectStorageSecretOverride.username | string | `nil` | Object storage username |
| postgres.enabled | bool | `false` | Controls whether to enable managing a Postgres db dependency as a part of the helm release |
| podAnnotations | object | `{}` | Annotations for coms pods |
| podSecurityContext | object | `{}` | Privilege and access control settings |
| postgres.databaseInitSQL.key | string | `"bootstrap.sql"` | |
| postgres.databaseInitSQL.name | string | `"bootstrap-sql"` | |
| postgres.databaseInitSQL.sql | string | `"\\c app;\nALTER DATABASE app OWNER TO app;\nALTER SCHEMA public OWNER TO app;\nREVOKE CREATE ON SCHEMA public FROM PUBLIC;\nCREATE SCHEMA invite;\nALTER SCHEMA invite OWNER TO app;\nCREATE SCHEMA audit;\nALTER SCHEMA audit OWNER TO app;\nCREATE SCHEMA queue;\nALTER SCHEMA queue OWNER TO app;\n"` | |
| postgres.enabled | bool | `true` | |
| postgres.instances[0].dataVolumeClaimSpec.accessModes[0] | string | `"ReadWriteOnce"` | |
| postgres.instances[0].dataVolumeClaimSpec.resources.requests.storage | string | `"1Gi"` | |
| postgres.instances[0].dataVolumeClaimSpec.storageClassName | string | `"netapp-block-standard"` | |
| postgres.instances[0].name | string | `"db"` | |
| postgres.instances[0].replicas | int | `2` | |
| postgres.instances[0].resources.limits.cpu | string | `"100m"` | |
| postgres.instances[0].resources.limits.memory | string | `"256Mi"` | |
| postgres.instances[0].resources.requests.cpu | string | `"50m"` | |
| postgres.instances[0].resources.requests.memory | string | `"128Mi"` | |
| postgres.instances[0].sidecars.replicaCertCopy.resources.limits.cpu | string | `"50m"` | |
| postgres.instances[0].sidecars.replicaCertCopy.resources.limits.memory | string | `"64Mi"` | |
| postgres.instances[0].sidecars.replicaCertCopy.resources.requests.cpu | string | `"1m"` | |
| postgres.instances[0].sidecars.replicaCertCopy.resources.requests.memory | string | `"32Mi"` | |
| postgres.monitoring | bool | `false` | |
| postgres.pgBackRestConfig.jobs.resources.limits.cpu | string | `"50m"` | |
| postgres.pgBackRestConfig.jobs.resources.limits.memory | string | `"128Mi"` | |
| postgres.pgBackRestConfig.jobs.resources.requests.cpu | string | `"10m"` | |
| postgres.pgBackRestConfig.jobs.resources.requests.memory | string | `"64Mi"` | |
| postgres.pgBackRestConfig.manual.options[0] | string | `"--type=full"` | |
| postgres.pgBackRestConfig.manual.repoName | string | `"repo1"` | |
| postgres.pgBackRestConfig.repoHost.resources.limits.cpu | string | `"50m"` | |
| postgres.pgBackRestConfig.repoHost.resources.limits.memory | string | `"256Mi"` | |
| postgres.pgBackRestConfig.repoHost.resources.requests.cpu | string | `"20m"` | |
| postgres.pgBackRestConfig.repoHost.resources.requests.memory | string | `"128Mi"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.limits.cpu | string | `"20m"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.limits.memory | string | `"64Mi"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.requests.cpu | string | `"5m"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrest.resources.requests.memory | string | `"16Mi"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.limits.cpu | string | `"20m"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.limits.memory | string | `"64Mi"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.requests.cpu | string | `"5m"` | |
| postgres.pgBackRestConfig.sidecars.pgbackrestConfig.resources.requests.memory | string | `"32Mi"` | |
| postgres.pgBouncerConfig.config.global.client_tls_sslmode | string | `"disable"` | |
| postgres.pgBouncerConfig.replicas | int | `2` | |
| postgres.pgBouncerConfig.resources.limits.cpu | string | `"20m"` | |
| postgres.pgBouncerConfig.resources.limits.memory | string | `"64Mi"` | |
| postgres.pgBouncerConfig.resources.requests.cpu | string | `"5m"` | |
| postgres.pgBouncerConfig.resources.requests.memory | string | `"32Mi"` | |
| postgres.postgresVersion | int | `16` | ------------------------------ note: override methodology: - defaults exist in subchart postgres - overrides that apply to all coms environments are defined in this values.yaml file - overrides specific to a single environment are defined in values.<environment>.yaml name of the cluster. in COMS pipeline we pass this in Helm deploy command in github action eg: --set postgres.name=postgres-master name: postgres-master |
| postgres.users[0].databases[0] | string | `"app"` | |
| postgres.users[0].name | string | `"app"` | |
| replicaCount | int | `2` | |
| resources.limits.cpu | string | `"200m"` | Limit Peak CPU (in millicores ex. 1000m) |
| resources.limits.memory | string | `"512Mi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) |
| resources.limits.memory | string | `"256Mi"` | Limit Peak Memory (in gigabytes Gi or megabytes Mi ex. 2Gi) |
| resources.requests.cpu | string | `"50m"` | Requested CPU (in millicores ex. 500m) |
| resources.requests.memory | string | `"128Mi"` | Requested Memory (in gigabytes Gi or megabytes Mi ex. 500Mi) |
| route.annotations | object | `{}` | Annotations to add to the route |
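Review bot: the `postgres.postgresVersion` row has swallowed an entire comment block from values.yaml into its description ("------------------------------ note: override methodology: ... name: postgres-master"). The cause is visible in the description itself: it starts with a run of dashes, which means the separator comment in values.yaml begins with `# --`, the exact prefix helm-docs uses to mark a value description, so everything from that line down to the key was captured. Change the separator to something that does not start with `# --` (for example `## ------` or a blank line before the key) and regenerate. Two smaller points in the same table: `postgres.enabled` used to carry the description "Controls whether to enable managing a Postgres db dependency as a part of the helm release" and now has none, and `postgres.pgBouncerConfig.config.global.client_tls_sslmode` is `"disable"` with no description; a one-line note on why TLS between the app and PgBouncer is off (in-cluster traffic only, or TLS terminated elsewhere) would save the next security review from asking. Lastly, `resources.limits.memory` drops from `"512Mi"` to `"256Mi"` in a commit titled "Document Helm chart use"; that is a behavioural change and belongs in the commit message.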
@@ -78,4 +122,4 @@ Kubernetes: `>= 1.13.0`
| serviceAccount.name | string | `nil` | The name of the service account to use. If not set and create is true, a name is generated using the fullname template |

----------------------------------------------
An Autogenerated from chart metadata using [helm-docs v1.11.3](https://github.com/norwoodj/helm-docs/releases/v1.11.3)
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)
4 changes: 3 additions & 1 deletion charts/coms/values.yaml
@@ -241,7 +241,9 @@ postgres:
- name: app
databases:
- app
# databaseInitSQL references a ConfigMap that contains a SQL file that should be
# Custom SQL commands we want to run, that get added to a ConfigMap
# that crunchyDB references duriing intialization
# gives our app permissions on the schemas (also required to run our knex migrations)
databaseInitSQL:
name: bootstrap-sql
key: bootstrap.sql
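Review bot: the replacement comment on `databaseInitSQL` has two typos ("duriing", "intialization"), and because none of its lines use the `# -- ` prefix, helm-docs does not pick it up: the regenerated README in this commit shows an empty description for `postgres.databaseInitSQL.*`. Suggest prefixing the first line, e.g. `# -- Custom SQL run by CrunchyDB during initialization; grants our app the schema permissions the knex migrations need`, so the explanation lands in the generated docs rather than only in the file.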
@@ -2,6 +2,7 @@ apiVersion: v2
name: postgrescluster
description: A Helm chart for Kubernetes
type: application
# The version below should match the version on the PostgresCluster CRD
version: 1.1.7
appVersion: 5.6.0
# postgrescluster Helm Chart version
version: 2.0.0
# PostgresCluster CRD version
appVersion: 5.5.1
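Review bot: `appVersion` moves from `5.6.0` down to `5.5.1` while the NOTES.md added in this same commit says the chart is a fork of the CrunchyData example at version 5.6.0; the two statements cannot both be right. The comments also disagree with each other: the removed one said the chart `version` should match the PostgresCluster CRD, the new one labels `appVersion` as the CRD version. Decide which field tracks the operator/CRD version, set it to the version actually installed in the cluster, and make NOTES.md quote the same number.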
14 changes: 14 additions & 0 deletions charts/postgres/README.md
@@ -0,0 +1,14 @@
# postgrescluster

![Version: 2.0.0](https://img.shields.io/badge/Version-2.0.0-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 5.5.1](https://img.shields.io/badge/AppVersion-5.5.1-informational?style=flat-square)

A Helm chart for Kubernetes

## Values

| Key | Type | Default | Description |
|-----|------|---------|-------------|
| postgresVersion | int | `16` | |

----------------------------------------------
Autogenerated from chart metadata using [helm-docs v1.14.2](https://github.com/norwoodj/helm-docs/releases/v1.14.2)