feat: adds atlas migration migration, issueref kusaridev#56

* adds atlas init container to graphql-server deployment * updates readme docs * updates guac version * updates chart version Signed-off-by: Amit Singh <[email protected]> Signed-off-by: Ayush Shyam Kumar <[email protected]> Signed-off-by: Anirudh Edpuganti <[email protected]> Signed-off-by: Shreyas Pandya <[email protected]>
shreyasHpandya · Dec 12, 2024 · cbfea9e · cbfea9e
1 parent e1a0bdd
commit cbfea9e
Show file tree

Hide file tree

Showing 7 changed files with 107 additions and 4 deletions.
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
@@ -58,4 +58,4 @@ jobs:
           CR_SIGN: "true"
           # GPG_KEY_NAME is set at key creation time and is used to identify the key in the keyring here
           CR_KEY: "${{ secrets.GPG_KEY_NAME }}"
-          CR_KEYRING: "/home/runner/.gnupg/keyring.gpg"
+          CR_KEYRING: "/home/runner/.gnupg/keyring.gpg"
diff --git a/charts/guac/Chart.lock b/charts/guac/Chart.lock
@@ -6,4 +6,4 @@ dependencies:
   repository: https://charts.min.io/
   version: 5.0.15
 digest: sha256:bea07af7a724b783003cd5c82ac3763d7c3fb82b2c6df0fb0b8a3f82ebc1b577
-generated: "2024-02-28T21:29:37.996055-05:00"
+generated: "2024-11-26T17:45:20.471001+05:30"
diff --git a/charts/guac/Chart.yaml b/charts/guac/Chart.yaml
@@ -9,8 +9,8 @@ maintainers:
     email: [email protected]
 
 type: application
-version: 0.5.1
-appVersion: "v0.8.0"
+version: 0.5.2
+appVersion: "v0.12.0"
 
 dependencies:
 - name: nats

diff --git a/charts/guac/README.md b/charts/guac/README.md
@@ -287,6 +287,20 @@ This is the configuration for minio.  This is a subchart.  See full documentatio
 | `minio.buckets`      | List of buckets to create after deployment.                                    | `{}`           |
 | `minio.users`        | List of users, in terms of creds and permissions, to create after deployment.? | `{}`           |
 
+### atlas
+
+This section contains parameters for configuring the atlas migration.
+
+| Name                     | Description                                                                                                      | Value                                                                                                 |
+| ------------------------ | ---------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------- |
+| `atlas.enabled`          | Whether to add atlas init-container in graphql-server to manage schema migration via atlas. Defaults to false    | `false`                                                                                               |
+| `atlas.image.command`    | Command for the atlas migration. Overriding default entrypoint to read backend DB connection string from guac-cm | `["sh","-c","atlas migrate apply --dir file:///app/migrations --url $DB_ADDRESS?search_path=public"]` |
+| `atlas.image.repository` | Path to the atlas migration image                                                                                | `ghcr.io/guacsec/guac/atlas-migration`                                                                |
+| `atlas.image.tag`        | Tag if using an image tag.  Optional                                                                             | `undefined`                                                                                           |
+| `atlas.image.digest`     | Sha256 Image Digest. It is strongly recommended to use this for verification.                                    | `""`                                                                                                  |
+| `atlas.image.pullPolicy` | ImagePullPolicy for kubernetes                                                                                   | `IfNotPresent`                                                                                        |
+| `atlas.name`             | Name of the atlas migration component                                                                            | `atlas-migration`                                                                                     |
+
 ## Developing
 For running the unit tests, install the unittest plugin.
 

diff --git a/charts/guac/schema.json b/charts/guac/schema.json
@@ -1125,6 +1125,53 @@
                     "default": "rootPassword"
                 }
             }
+        },
+        "atlas": {
+            "type": "object",
+            "properties": {
+                "enabled": {
+                    "type": "boolean",
+                    "description": "Whether to add atlas init-container in graphql-server to manage schema migration via atlas. Defaults to false",
+                    "default": false
+                },
+                "image": {
+                    "type": "object",
+                    "properties": {
+                        "command": {
+                            "type": "array",
+                            "description": "Command for the atlas migration. Overriding default entrypoint to read backend DB connection string from guac-cm",
+                            "default": [
+                                "sh",
+                                "-c",
+                                "atlas migrate apply --dir file:///app/migrations --url $DB_ADDRESS?search_path=public"
+                            ],
+                            "items": {
+                                "type": "string"
+                            }
+                        },
+                        "repository": {
+                            "type": "string",
+                            "description": "Path to the atlas migration image",
+                            "default": "ghcr.io/guacsec/guac/atlas-migration"
+                        },
+                        "digest": {
+                            "type": "string",
+                            "description": "Sha256 Image Digest. It is strongly recommended to use this for verification.",
+                            "default": "\"\""
+                        },
+                        "pullPolicy": {
+                            "type": "string",
+                            "description": "ImagePullPolicy for kubernetes",
+                            "default": "IfNotPresent"
+                        }
+                    }
+                },
+                "name": {
+                    "type": "string",
+                    "description": "Name of the atlas migration component",
+                    "default": "atlas-migration"
+                }
+            }
         }
     }
 }
diff --git a/charts/guac/templates/graphql-server-deployment.yaml b/charts/guac/templates/graphql-server-deployment.yaml
@@ -29,6 +29,24 @@ spec:
         app.kubernetes.io/component: {{ .Values.guac.graphqlServer.name }}
     spec:
       serviceAccountName: {{ .Values.guac.graphqlServer.name }}
+{{- if .Values.atlas.enabled }}
+      initContainers:
+      - name: {{ .Values.atlas.name }}
+{{- if index .Values.guac.backend.ent "db-address" }}
+        env:
+        - name: DB_ADDRESS
+          value: '{{ index .Values.guac.backend.ent "db-address" }}'
+          optional: false
+{{- end }}      
+        {{- if .Values.atlas.image.digest }}
+        image: "{{ .Values.image.repository | default .Values.guac.guacImage.repository }}@{{ .Values.atlas.image.digest }}"
+        {{- else }}
+        image: "{{ .Values.atlas.image.repository | default .Values.guac.guacImage.repository }}:{{ .Values.atlas.image.tag | default .Values.guac.guacImage.tag | default .Chart.AppVersion}}"
+        {{- end }}
+        imagePullPolicy: {{ .Values.atlas.image.pullPolicy }}
+        command:
+{{ toYaml .Values.atlas.image.command | indent 10 }}
+{{- end }}
       containers:
       - name: {{ .Values.guac.graphqlServer.name }}
         {{- if .Values.guac.guacImage.digest }}

diff --git a/charts/guac/values.yaml b/charts/guac/values.yaml
@@ -165,6 +165,7 @@ imagePullSecrets:
 ## @param guac.collectorPublishToQueue Whether to publish ingestion message to pubsub queue
 ## @param guac.blobAddr [nullable] gocloud connection string for blob store configured via https://gocloud.dev/howto/blob/
 ## @param guac.additionalResources
+
 guac:
 
   guacImage:
@@ -522,3 +523,26 @@ minio:
     - accessKey: accessKey
       secretKey: secretKey
       policy: readwrite
+
+## @section atlas
+## @descriptionStart This section contains parameters for configuring the atlas migration.
+## @descriptionEnd
+## @param atlas.enabled Whether to add atlas init-container in graphql-server to manage schema migration via atlas. Defaults to false
+## @param atlas.image.command Command for the atlas migration. Overriding default entrypoint to read backend DB connection string from guac-cm
+## @param atlas.image.repository Path to the atlas migration image
+## @param atlas.image.tag [nullable] Tag if using an image tag.  Optional
+## @param atlas.image.digest [string] Sha256 Image Digest. It is strongly recommended to use this for verification.
+## @param atlas.image.pullPolicy ImagePullPolicy for kubernetes
+## @param atlas.name Name of the atlas migration component
+
+atlas:
+  enabled: false
+  image:
+    command: ['sh', '-c', 'atlas migrate apply --dir file:///app/migrations --url $DB_ADDRESS?search_path=public']
+    repository: ghcr.io/guacsec/guac/atlas-migration
+    # if not set appVersion field from Chart.yaml is used
+    # tag:
+    # When digest is set to a non-empty value, images will be pulled by digest (regardless of tag value).
+    digest: ""
+    pullPolicy: IfNotPresent
+  name: atlas-migration