From 75fe12f30037dc9b693a579e7365cdfe5bcb8314 Mon Sep 17 00:00:00 2001 From: Shreyas Pandya Date: Thu, 21 Nov 2024 10:13:40 +0530 Subject: [PATCH] feat: adds atlas migration migration, issueref #56 * adds atlas init container to graphql-server deployment * updates readme docs * updates guac version * updates chart version Signed-off-by: Amit Singh Signed-off-by: Ayush Shyam Kumar Signed-off-by: Anirudh Edpuganti --- .github/workflows/release.yaml | 2 +- charts/guac/Chart.lock | 2 +- charts/guac/Chart.yaml | 4 +- charts/guac/README.md | 14 ++++++ charts/guac/schema.json | 47 +++++++++++++++++++ .../templates/graphql-server-deployment.yaml | 18 +++++++ charts/guac/values.yaml | 24 ++++++++++ 7 files changed, 107 insertions(+), 4 deletions(-) diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml index afd9bb6..5e025f1 100644 --- a/.github/workflows/release.yaml +++ b/.github/workflows/release.yaml @@ -58,4 +58,4 @@ jobs: CR_SIGN: "true" # GPG_KEY_NAME is set at key creation time and is used to identify the key in the keyring here CR_KEY: "${{ secrets.GPG_KEY_NAME }}" - CR_KEYRING: "/home/runner/.gnupg/keyring.gpg" + CR_KEYRING: "/home/runner/.gnupg/keyring.gpg" \ No newline at end of file diff --git a/charts/guac/Chart.lock b/charts/guac/Chart.lock index 1176df0..7925b73 100644 --- a/charts/guac/Chart.lock +++ b/charts/guac/Chart.lock @@ -6,4 +6,4 @@ dependencies: repository: https://charts.min.io/ version: 5.0.15 digest: sha256:bea07af7a724b783003cd5c82ac3763d7c3fb82b2c6df0fb0b8a3f82ebc1b577 -generated: "2024-02-28T21:29:37.996055-05:00" +generated: "2024-11-26T17:45:20.471001+05:30" diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml index a6bab40..e33490f 100644 --- a/charts/guac/Chart.yaml +++ b/charts/guac/Chart.yaml @@ -9,8 +9,8 @@ maintainers: email: guac-info@kusari.dev type: application -version: 0.5.1 -appVersion: "v0.8.0" +version: 0.5.2 +appVersion: "v0.12.0" dependencies: - name: nats 
diff --git a/charts/guac/README.md b/charts/guac/README.md index a546c77..e23fd3d 100644 --- a/charts/guac/README.md +++ b/charts/guac/README.md @@ -287,6 +287,20 @@ This is the configuration for minio. This is a subchart. See full documentatio | `minio.buckets` | List of buckets to create after deployment. | `{}` | | `minio.users` | List of users, in terms of creds and permissions, to create after deployment.? | `{}` | +### atlas + +This section contains parameters for configuring the atlas migration. + +| Name | Description | Value | +| ------------------------ | ---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- | +| `atlas.enabled` | Whether to add atlas init-container in graphql-server to manage schema migration via atlas. Defaults to false | `false` | +| `atlas.image.command` | Command for the atlas migration. Overriding default entrypoint to read backend DB connection string from guac-cm | `["sh","-c","atlas migrate apply --dir file:///app/migrations --url $DB_ADDRESS?search_path=public"]` | +| `atlas.image.repository` | Path to the atlas migration image | `ghcr.io/guacsec/guac/atlas-migration` | +| `atlas.image.tag` | Tag if using an image tag. Optional | `undefined` | +| `atlas.image.digest` | Sha256 Image Digest. It is strongly recommended to use this for verification. | `""` | +| `atlas.image.pullPolicy` | ImagePullPolicy for kubernetes | `IfNotPresent` | +| `atlas.name` | Name of the atlas migration component | `atlas-migration` | + ## Developing For running the unit tests, install the unittest plugin. diff --git a/charts/guac/schema.json b/charts/guac/schema.json index 1d01efc..336c781 100644 --- a/charts/guac/schema.json +++ b/charts/guac/schema.json 
@@ -1125,6 +1125,53 @@ "default": "rootPassword" } } + }, + "atlas": { + "type": "object", + "properties": { + "enabled": { + "type": "boolean", + "description": "Whether to add atlas init-container in graphql-server to manage schema migration via atlas. Defaults to false", + "default": false + }, + "image": { + "type": "object", + "properties": { + "command": { + "type": "array", + "description": "Command for the atlas migration. Overriding default entrypoint to read backend DB connection string from guac-cm", + "default": [ + "sh", + "-c", + "atlas migrate apply --dir file:///app/migrations --url $DB_ADDRESS?search_path=public" + ], + "items": { + "type": "string" + } + }, + "repository": { + "type": "string", + "description": "Path to the atlas migration image", + "default": "ghcr.io/guacsec/guac/atlas-migration" + }, + "digest": { + "type": "string", + "description": "Sha256 Image Digest. It is strongly recommended to use this for verification.", + "default": "\"\"" + }, + "pullPolicy": { + "type": "string", + "description": "ImagePullPolicy for kubernetes", + "default": "IfNotPresent" + } + } + }, + "name": { + "type": "string", + "description": "Name of the atlas migration component", + "default": "atlas-migration" + } + } } } } \ No newline at end of file diff --git a/charts/guac/templates/graphql-server-deployment.yaml b/charts/guac/templates/graphql-server-deployment.yaml index 79afa20..54888d6 100644 --- a/charts/guac/templates/graphql-server-deployment.yaml +++ b/charts/guac/templates/graphql-server-deployment.yaml 
@@ -29,6 +29,24 @@ spec: app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }} spec: serviceAccountName: {{ .Values.guac.graphqlServer.name }} +{{- if .Values.atlas.enabled }} + initContainers: + - name: {{ .Values.atlas.name }} +{{- if index .Values.guac.backend.ent "db-address" }} + env: + - name: DB_ADDRESS + value: '{{ index .Values.guac.backend.ent "db-address" }}' + optional: false +{{- end }} + {{- if .Values.atlas.image.digest }} + image: "{{ .Values.image.repository | default .Values.guac.guacImage.repository }}@{{ .Values.atlas.image.digest }}" + {{- else }} + image: "{{ .Values.atlas.image.repository | default .Values.guac.guacImage.repository }}:{{ .Values.atlas.image.tag | default .Values.guac.guacImage.tag | default .Chart.AppVersion}}" + {{- end }} + imagePullPolicy: {{ .Values.atlas.image.pullPolicy }} + command: +{{ toYaml .Values.atlas.image.command | indent 10 }} +{{- end }} containers: - name: {{ .Values.guac.graphqlServer.name }} {{- if .Values.guac.guacImage.digest }} diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml index b47e6a3..bab65bc 100644 --- a/charts/guac/values.yaml +++ b/charts/guac/values.yaml @@ -165,6 +165,7 @@ imagePullSecrets: ## @param guac.collectorPublishToQueue Whether to publish ingestion message to pubsub queue ## @param guac.blobAddr [nullable] gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/ ## @param guac.additionalResources + guac: guacImage: 
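Review bot: The digest branch of the new init container builds its image from `.Values.image.repository`, while the tag branch two lines below uses `.Values.atlas.image.repository`. No top-level `image` key is visible in the values this patch adds, so setting `atlas.image.digest` (the pinning the chart itself recommends) would presumably either fail to render or pair the atlas digest with a different repository. The line should read `image: "{{ .Values.atlas.image.repository | default .Values.guac.guacImage.repository }}@{{ .Values.atlas.image.digest }}"`. Separately, `optional: false` is set on an env entry that carries a literal `value:`, but that field belongs to `configMapKeyRef`/`secretKeyRef`. Drop it, or switch the entry to a key reference, which would also keep a connection string that may embed credentials out of the rendered Deployment. The pod spec starts and ends outside the hunk.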
@@ -522,3 +523,26 @@ minio:
 - accessKey: accessKey
 secretKey: secretKey
 policy: readwrite
+
+## @section atlas
+## @descriptionStart This section contains parameters for configuring the atlas migration.
+## @descriptionEnd
+## @param atlas.enabled Whether to add atlas init-container in graphql-server to manage schema migration via atlas. Defaults to false
+## @param atlas.image.command Command for the atlas migration. Overriding default entrypoint to read backend DB connection string from guac-cm
+## @param atlas.image.repository Path to the atlas migration image
+## @param atlas.image.tag [nullable] Tag if using an image tag. Optional
+## @param atlas.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification.
+## @param atlas.image.pullPolicy ImagePullPolicy for kubernetes
+## @param atlas.name Name of the atlas migration component
+
+atlas:
+ enabled: false
+ image:
+ command: ['sh', '-c', 'atlas migrate apply --dir file:///app/migrations --url $DB_ADDRESS?search_path=public']
+ repository: ghcr.io/guacsec/guac/atlas-migration
+ # if not set appVersion field from Chart.yaml is used
+ # tag:
+ # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value).
+ digest: ""
+ pullPolicy: IfNotPresent
+ name: atlas-migration
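Review bot: The default `atlas.image.command` expands `$DB_ADDRESS` unquoted inside `sh -c` and always appends `?search_path=public`. The URL is therefore subject to word splitting and pathname expansion, and a `db-address` that already carries query parameters would end up with a second `?`. Quoting the expansion removes the shell hazard: `'atlas migrate apply --dir file:///app/migrations --url "${DB_ADDRESS}?search_path=public"'`. A comment above `command:` such as `# db-address must not contain a query string; search_path is appended here` would document the remaining assumption. The README and schema.json hunks repeat the same default string and would need the matching edit (or regeneration, if they are produced from these annotations).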