From 22f1c4047d35ed3b444a916359ae098b82d48388 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 10:14:15 +0100 Subject: [PATCH 01/10] improve postgres setup --- README.md | 9 ++-- charts/wger/Chart.yaml | 2 +- charts/wger/templates/_helpers.tpl | 6 --- charts/wger/templates/deployment.yaml | 60 +++++++++++++++++++++++++++ charts/wger/values.yaml | 13 ++++-- 5 files changed, 76 insertions(+), 14 deletions(-) diff --git a/README.md b/README.md index dd78673..ccb4e9f 100644 --- a/README.md +++ b/README.md @@ -2,7 +2,6 @@ Helm charts for wger deployment on Kubernetes - ## TL;DR If you know what you are doing, you can go ahead and run these commands to install wger. Otherwise, keep on reading! @@ -197,9 +196,11 @@ The following settings are declared in the groundhog2k Helm charts. | Name | Description | Type | Default Value | |------|-------------|------|---------------| | `postgres.enabled` | Enable the PostgreSQL chart | Boolean | `True` | -| `postgres.settings.superuser ` | Superuser name | String | `wger` | -| `postgres.settings.superuserPassword` | Password of superuser | String | `wger` | -| `postgres.userDatabase.name` | PostgreSQL database name to use for wger | String | `wger` | +| `postgres.settings.superuser ` | Superuser name | String | `postgres` | +| `postgres.settings.superuserPassword` | Password of superuser | String | `postgres` | +| `postgres.userDatabase.name` | Database name to use for wger | String | `wger` | +| `postgres.userDatabase.user` | Username to use for wger | String | `wger` | +| `postgres.userDatabase.password` | Password for wger user | String | `wger` | | `postgres.service.port` | PostreSQL service port | Integer | `5432` | | `postgres.storage.persistentVolumeClaimName` | PVC name when existing storage volume should be used | String | `Nil` | | `postgres.storage.requestedSize` | Size for new PVC, when no existing PVC is used | Integer | `8Gi` | diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index bb77602..5ce499b 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.5 +version: 0.1.5-rc1 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes diff --git a/charts/wger/templates/_helpers.tpl b/charts/wger/templates/_helpers.tpl index ebd6292..b2dc75a 100644 --- a/charts/wger/templates/_helpers.tpl +++ b/charts/wger/templates/_helpers.tpl @@ -29,12 +29,6 @@ environment: value: "True" - name: DJANGO_DB_ENGINE value: "django.db.backends.postgresql" - - name: DJANGO_DB_USER - value: {{ .Values.postgres.settings.superuser | quote }} - - name: DJANGO_DB_PASSWORD - value: {{ .Values.postgres.settings.superuserPassword | quote }} - - name: DJANGO_DB_DATABASE - value: {{ .Values.postgres.userDatabase.name | quote }} - name: DJANGO_DB_HOST value: "{{ .Release.Name }}-postgres" - name: DJANGO_DB_PORT diff --git a/charts/wger/templates/deployment.yaml b/charts/wger/templates/deployment.yaml index dcd973d..feda7e5 100644 --- a/charts/wger/templates/deployment.yaml +++ b/charts/wger/templates/deployment.yaml @@ -49,6 +49,21 @@ spec: secretKeyRef: name: {{ .Values.app.jwt.secret.name | default "jwt" | quote }} key: "signing-key" + - name: DJANGO_DB_USER + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_USER" + - name: DJANGO_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_PASSWORD" + - name: DJANGO_DB_DATABASE + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "POSTGRES_DB" {{- if .Values.celery.flower.enabled }} - name: CELERY_FLOWER_PASSWORD valueFrom: @@ -191,6 +206,21 @@ spec: secretKeyRef: name: {{ .Values.app.jwt.secret.name | default "jwt" | quote }} key: "signing-key" + - name: DJANGO_DB_USER + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_USER" + - name: DJANGO_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_PASSWORD" + - name: DJANGO_DB_DATABASE + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "POSTGRES_DB" {{- if .Values.celery.flower.enabled }} - name: CELERY_FLOWER_PASSWORD valueFrom: @@ -225,6 +255,21 @@ spec: secretKeyRef: name: {{ .Values.app.jwt.secret.name | default "jwt" | quote }} key: "signing-key" + - name: DJANGO_DB_USER + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_USER" + - name: DJANGO_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_PASSWORD" + - name: DJANGO_DB_DATABASE + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "POSTGRES_DB" - name: CELERY_FLOWER_PASSWORD valueFrom: secretKeyRef: @@ -311,6 +356,21 @@ spec: secretKeyRef: name: {{ .Values.app.jwt.secret.name | default "jwt" | quote }} key: "signing-key" + - name: DJANGO_DB_USER + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_USER" + - name: DJANGO_DB_PASSWORD + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "USERDB_PASSWORD" + - name: DJANGO_DB_DATABASE + valueFrom: + secretKeyRef: + name: {{ "wger-postgres" }} + key: "POSTGRES_DB" {{- if .Values.celery.flower.enabled }} - name: CELERY_FLOWER_PASSWORD valueFrom: diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index e0f10e7..eacc2e6 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -113,13 +113,20 @@ service: # PostgreSQL Settings for groundhog2k chart. Only a minimum has been specified below. # For more options, see https://github.com/groundhog2k/helm-charts/tree/master/charts/postgres postgres: - # Note: keep these variables present as the chart uses them for the Deployment + # Note: keep these variables present as the wger chart uses them for the deployment + # the superuser and user settings will be saved into a secret enabled: true + # we need to override the fullname for simpler accessing the secret in wger + fullnameOverride: wger-postgres + # after the first installation the superuser and userDatabase settings will be ignored + # they will be taken from the secret settings: - superuser: wger - superuserPassword: wger + superuser: postgres + superuserPassword: postgres userDatabase: name: wger + user: wger + password: wger service: port: 5432 resources: From 2c92dc853ccd340c06484f31775f2ca973fbab89 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 10:21:04 +0100 Subject: [PATCH 02/10] use dev version --- charts/wger/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index 5ce499b..ee45e86 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.5-rc1 +version: 0.1.5-dev appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes From 8838c657cb0501153e407f693434b16da1fde4d3 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 11:50:46 +0100 Subject: [PATCH 03/10] add release notes --- RELEASENOTES.md | 39 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 RELEASENOTES.md diff --git a/RELEASENOTES.md b/RELEASENOTES.md new file mode 100644 index 0000000..554668b --- /dev/null +++ b/RELEASENOTES.md @@ -0,0 +1,39 @@ +## 0.1.6 + +* get the database credentials from the secret, like the postgres chart does + +### Upgrade + +#### postgres superuser + +The superuser was named `wger`, but this seems to lead to a error in the postgres docker image: + +```bash +FATAL: role "postgres" does not exist +``` + +So you need to manually add a `postgres` superuser: + +```bash +kubectl -n wger exec -ti wger-postgres-0 -- bash +psql -U wger + +CREATE ROLE postgres WITH LOGIN SUPERUSER PASSWORD 'postgres'; +``` + +As well set the settings in your `values.yaml`: + +```yaml +postgres: + settings: + superuser: postgres + superuserPassword: postgres + userDatabase: + name: wger + user: wger + password: wger +``` + +#### Name of the postgres secret + +For postgres we set `fullnameOverride: wger-postgres`, this will be used to name the secret upon the first installation. So when upgrading and you have used a different helm release name than `wger` you need to modify `[yourname]-postgres` in your `values.yaml`. \ No newline at end of file From e3389d07e1aacff9fda32c733f60a994471c4b51 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 11:52:53 +0100 Subject: [PATCH 04/10] update doc --- RELEASENOTES.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/RELEASENOTES.md b/RELEASENOTES.md index 554668b..9829c7a 100644 --- a/RELEASENOTES.md +++ b/RELEASENOTES.md @@ -36,4 +36,4 @@ postgres: #### Name of the postgres secret -For postgres we set `fullnameOverride: wger-postgres`, this will be used to name the secret upon the first installation. So when upgrading and you have used a different helm release name than `wger` you need to modify `[yourname]-postgres` in your `values.yaml`. \ No newline at end of file +For postgres we now set `fullnameOverride: wger-postgres`, this will be used to name the secret upon the first installation. So when upgrading and you have used a different helm release name than `wger` you need to modify `[yourname]-postgres` in your `values.yaml`. \ No newline at end of file From 4720bc13396665c699c6c987b952af435a59dcc9 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 12:01:24 +0100 Subject: [PATCH 05/10] 0.1.6-rc.1 pre-release --- charts/wger/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wger/Chart.yaml b/charts/wger/Chart.yaml index ee45e86..7709f53 100644 --- a/charts/wger/Chart.yaml +++ b/charts/wger/Chart.yaml @@ -1,6 +1,6 @@ --- apiVersion: v2 -version: 0.1.5-dev +version: 0.1.6-rc.1 appVersion: latest name: wger description: A Helm chart for Wger installation on Kubernetes From f0ebec87217e91944882a06a6647c37e1b2e9009 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 15:12:15 +0100 Subject: [PATCH 06/10] don't `fullnameOverride` this conflicts --- RELEASENOTES.md | 4 ---- charts/wger/values.yaml | 2 -- 2 files changed, 6 deletions(-) diff --git a/RELEASENOTES.md b/RELEASENOTES.md index 9829c7a..006b58e 100644 --- a/RELEASENOTES.md +++ b/RELEASENOTES.md @@ -33,7 +33,3 @@ postgres: user: wger password: wger ``` - -#### Name of the postgres secret - -For postgres we now set `fullnameOverride: wger-postgres`, this will be used to name the secret upon the first installation. So when upgrading and you have used a different helm release name than `wger` you need to modify `[yourname]-postgres` in your `values.yaml`. \ No newline at end of file diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index eacc2e6..f659d4c 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -116,8 +116,6 @@ postgres: # Note: keep these variables present as the wger chart uses them for the deployment # the superuser and user settings will be saved into a secret enabled: true - # we need to override the fullname for simpler accessing the secret in wger - fullnameOverride: wger-postgres # after the first installation the superuser and userDatabase settings will be ignored # they will be taken from the secret settings: From e6664404cfef0d6ad35112d14221a5a6ca05b20e Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 15:32:22 +0100 Subject: [PATCH 07/10] secret name / init container --- charts/wger/templates/deployment.yaml | 40 +++++++++++++++++++-------- 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/charts/wger/templates/deployment.yaml b/charts/wger/templates/deployment.yaml index feda7e5..b2b0d4e 100644 --- a/charts/wger/templates/deployment.yaml +++ b/charts/wger/templates/deployment.yaml @@ -52,17 +52,17 @@ spec: - name: DJANGO_DB_USER valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_USER" - name: DJANGO_DB_PASSWORD valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_PASSWORD" - name: DJANGO_DB_DATABASE valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" {{- if .Values.celery.flower.enabled }} - name: CELERY_FLOWER_PASSWORD @@ -209,17 +209,17 @@ spec: - name: DJANGO_DB_USER valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_USER" - name: DJANGO_DB_PASSWORD valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_PASSWORD" - name: DJANGO_DB_DATABASE valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" {{- if .Values.celery.flower.enabled }} - name: CELERY_FLOWER_PASSWORD @@ -258,17 +258,17 @@ spec: - name: DJANGO_DB_USER valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_USER" - name: DJANGO_DB_PASSWORD valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_PASSWORD" - name: DJANGO_DB_DATABASE valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" - name: CELERY_FLOWER_PASSWORD valueFrom: @@ -284,6 +284,14 @@ spec: mountPath: /home/wger/src readOnly: false {{- end }} + initContainers: + - name: init-container + image: docker.io/busybox:latest + command: + - /bin/sh + - -c + - until nc -zvw10 {{.Release.Name}}-postgres {{ .Values.postgres.service.port }}; do echo "Waiting for postgres service ({{.Release.Name}}-postgres:{{ .Values.postgres.service.port }}) "; sleep 2; done && + until nc -zvw10 {{.Release.Name}}-redis {{ .Values.redis.service.serverPort }}; do echo "Waiting for redis service ({{.Release.Name}}-redis:{{ .Values.redis.service.serverPort }})"; sleep 2; done {{- end }} volumes: - name: wger-media @@ -359,17 +367,17 @@ spec: - name: DJANGO_DB_USER valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_USER" - name: DJANGO_DB_PASSWORD valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "USERDB_PASSWORD" - name: DJANGO_DB_DATABASE valueFrom: secretKeyRef: - name: {{ "wger-postgres" }} + name: "{{.Release.Name}}-postgres" key: "POSTGRES_DB" {{- if .Values.celery.flower.enabled }} - name: CELERY_FLOWER_PASSWORD @@ -388,6 +396,14 @@ spec: mountPath: /home/wger/src readOnly: false {{- end }} + initContainers: + - name: init-container + image: docker.io/busybox:latest + command: + - /bin/sh + - -c + - until nc -zvw10 {{.Release.Name}}-postgres {{ .Values.postgres.service.port }}; do echo "Waiting for postgres service ({{.Release.Name}}-postgres:{{ .Values.postgres.service.port }}) "; sleep 2; done && + until nc -zvw10 {{.Release.Name}}-redis {{ .Values.redis.service.serverPort }}; do echo "Waiting for redis service ({{.Release.Name}}-redis:{{ .Values.redis.service.serverPort }})"; sleep 2; done volumes: - name: wger-media persistentVolumeClaim: From 831ec95ce04fcf46f856ead4888dc27d2767aed3 Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 16:03:45 +0100 Subject: [PATCH 08/10] celery wait for wger app --- charts/wger/templates/deployment.yaml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/charts/wger/templates/deployment.yaml b/charts/wger/templates/deployment.yaml index b2b0d4e..3eeac74 100644 --- a/charts/wger/templates/deployment.yaml +++ b/charts/wger/templates/deployment.yaml @@ -291,7 +291,8 @@ spec: - /bin/sh - -c - until nc -zvw10 {{.Release.Name}}-postgres {{ .Values.postgres.service.port }}; do echo "Waiting for postgres service ({{.Release.Name}}-postgres:{{ .Values.postgres.service.port }}) "; sleep 2; done && - until nc -zvw10 {{.Release.Name}}-redis {{ .Values.redis.service.serverPort }}; do echo "Waiting for redis service ({{.Release.Name}}-redis:{{ .Values.redis.service.serverPort }})"; sleep 2; done + until nc -zvw10 {{.Release.Name}}-redis {{ .Values.redis.service.serverPort }}; do echo "Waiting for redis service ({{.Release.Name}}-redis:{{ .Values.redis.service.serverPort }})"; sleep 2; done && + until wget --spider http://{{.Release.Name}}-http:8000; do echo "Waiting for wger app service ({{.Release.Name}}-http:8000)"; sleep 2; done {{- end }} volumes: - name: wger-media @@ -403,7 +404,8 @@ spec: - /bin/sh - -c - until nc -zvw10 {{.Release.Name}}-postgres {{ .Values.postgres.service.port }}; do echo "Waiting for postgres service ({{.Release.Name}}-postgres:{{ .Values.postgres.service.port }}) "; sleep 2; done && - until nc -zvw10 {{.Release.Name}}-redis {{ .Values.redis.service.serverPort }}; do echo "Waiting for redis service ({{.Release.Name}}-redis:{{ .Values.redis.service.serverPort }})"; sleep 2; done + until nc -zvw10 {{.Release.Name}}-redis {{ .Values.redis.service.serverPort }}; do echo "Waiting for redis service ({{.Release.Name}}-redis:{{ .Values.redis.service.serverPort }})"; sleep 2; done && + until wget --spider http://{{.Release.Name}}-http:8000; do echo "Waiting for wger app service ({{.Release.Name}}-http:8000)"; sleep 2; done volumes: - name: wger-media persistentVolumeClaim: From 2769409f638950010844f410d3614cdc4795943e Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 17:14:54 +0100 Subject: [PATCH 09/10] grant user -> superuser --- charts/wger/templates/configmap.yaml | 8 ++++++++ charts/wger/values.yaml | 1 + 2 files changed, 9 insertions(+) diff --git a/charts/wger/templates/configmap.yaml b/charts/wger/templates/configmap.yaml index 3f611f7..c712a20 100644 --- a/charts/wger/templates/configmap.yaml +++ b/charts/wger/templates/configmap.yaml @@ -44,3 +44,11 @@ data: } } {{- end }} +--- +kind: ConfigMap +apiVersion: v1 +metadata: + name: wger-pg-init +data: + grantSuperuser.sql: | + ALTER USER {{postgres.userDatabase.name}} WITH SUPERUSER; diff --git a/charts/wger/values.yaml b/charts/wger/values.yaml index f659d4c..e1942e7 100644 --- a/charts/wger/values.yaml +++ b/charts/wger/values.yaml @@ -125,6 +125,7 @@ postgres: name: wger user: wger password: wger + extraScripts: wger-pg-init service: port: 5432 resources: From 3099384a894442c8de32b1b71a160b9b1ebcbbef Mon Sep 17 00:00:00 2001 From: bbk Date: Fri, 17 Nov 2023 17:18:00 +0100 Subject: [PATCH 10/10] values --- charts/wger/templates/configmap.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/charts/wger/templates/configmap.yaml b/charts/wger/templates/configmap.yaml index c712a20..924039b 100644 --- a/charts/wger/templates/configmap.yaml +++ b/charts/wger/templates/configmap.yaml @@ -51,4 +51,4 @@ metadata: name: wger-pg-init data: grantSuperuser.sql: | - ALTER USER {{postgres.userDatabase.name}} WITH SUPERUSER; + ALTER USER {{ .Values.postgres.userDatabase.name }} WITH SUPERUSER;