Merge pull request #261 from Telecominfraproject/WIFI-13246-CS-postgres

WIFI-13246 Switch to non-HA postgres without pgpool
Telecominfraproject · Feb 13, 2024 · 6f2c8d9 · 6f2c8d9
2 parents c84cd0f + 796c78c
commit 6f2c8d9
Show file tree

Hide file tree

Showing 7 changed files with 180 additions and 146 deletions.
diff --git a/chart/Chart.yaml b/chart/Chart.yaml
@@ -44,10 +44,14 @@ dependencies:
   version: 0.1.0
   condition: owlsui.enabled
 - name: haproxy
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
-  version: 0.2.21
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 0.13.3
   condition: haproxy.enabled
-- name: postgresql-ha
-  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
-  version: 8.6.13
-  condition: postgresql-ha.enabled
+#- name: postgresql-ha
+#  repository: https://tip.jfrog.io/artifactory/tip-wlan-cloud-ucentral-helm/
+#  version: 8.6.13
+#  condition: postgresql-ha.enabled
+- name: postgresql
+  repository: oci://registry-1.docker.io/bitnamicharts
+  version: 13.4.3
+  condition: postgresql.enabled
diff --git a/chart/environment-values/deploy.sh b/chart/environment-values/deploy.sh
diff --git a/chart/environment-values/values.aws.yaml b/chart/environment-values/values.aws.yaml
@@ -15,8 +15,8 @@ owgwui:
   ingresses:
     default:
       enabled: true
+      className: alb
       annotations:
-        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
         alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c
@@ -65,8 +65,8 @@ owprovui:
   ingresses:
     default:
       enabled: true
+      className: alb
       annotations:
-        kubernetes.io/ingress.class: alb
         alb.ingress.kubernetes.io/scheme: internet-facing
         alb.ingress.kubernetes.io/group.name: wlan-cicd
         alb.ingress.kubernetes.io/certificate-arn: arn:aws:acm:ap-south-1:289708231103:certificate/2cc8c764-11fd-411d-bf7d-a93f488f3f6c

diff --git a/chart/environment-values/values.openwifi-qa.single-external-db.yaml b/chart/environment-values/values.openwifi-qa.single-external-db.yaml
@@ -2,55 +2,77 @@ owgw:
   configProperties:
     simulatorid: 53494D020202
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owgw
     storage.type.postgresql.username: owgw
     storage.type.postgresql.password: owgw
 
 owsec:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owsec
     storage.type.postgresql.username: owsec
     storage.type.postgresql.password: owsec
 
 owfms:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owfms
     storage.type.postgresql.username: owfms
     storage.type.postgresql.password: owfms
 
 owprov:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owprov
     storage.type.postgresql.username: owprov
     storage.type.postgresql.password: owprov
 
 owanalytics:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owanalytics
     storage.type.postgresql.username: owanalytics
     storage.type.postgresql.password: owanalytics
 
 owsub:
   configProperties:
     storage.type: postgresql
-    storage.type.postgresql.host: pgsql-pgpool
+    storage.type.postgresql.host: pgsql
     storage.type.postgresql.database: owsub
     storage.type.postgresql.username: owsub
     storage.type.postgresql.password: owsub
 
-postgresql-ha:
+postgresql:
   enabled: true
   initDbScriptSecret:
     enabled: true
+    initdbScriptsSecret: tip-openwifi-initdb-scripts
+  volumePermissions:
+    enabled: true
+  global:
+    postgresql:
+      auth:
+        postgresPassword: postgres
+  auth:
+    postgresPassword: postgres
+  primary:
+    extendedConfiguration: |-
+      max_connections = 550
+      shared_buffers = 128MB
+    #  log_error_verbosity = verbose
+    initdb:
+      scriptsSecret: tip-openwifi-initdb-scripts
+
+postgresql-ha:
+  enabled: false
+  initDbScriptSecret:
+    enabled: false
+    initdbScriptsSecret: tip-openwifi-initdb-scripts
   pgpool:
     adminPassword: admin
     resources:

diff --git a/chart/templates/_initdb_sql.tpl b/chart/templates/_initdb_sql.tpl
@@ -0,0 +1,13 @@
+{{- define "openwifi.user_creation_script_sql" -}}
+{{- $root := . -}}
+{{- $postgresqlBase := index .Values "postgresql" }}
+{{- $postgresqlEmulatedRoot := (dict "Values" $postgresqlBase "Chart" (dict "Name" "postgresql") "Release" $.Release) }}
+{{ range index .Values "postgresql" "initDbScriptSecret" "services" }}
+CREATE USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+ALTER USER {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }} WITH ENCRYPTED PASSWORD '{{ index $root "Values" . "configProperties" "storage.type.postgresql.password" }}';
+CREATE DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }};
+GRANT ALL PRIVILEGES ON DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+ALTER DATABASE {{ index $root "Values" . "configProperties" "storage.type.postgresql.database" }} OWNER TO {{ index $root "Values" . "configProperties" "storage.type.postgresql.username" }};
+{{ end }}
+{{- end -}}
+
diff --git a/chart/templates/secret-postgresql-initdb.yaml b/chart/templates/secret-postgresql-initdb.yaml
@@ -1,5 +1,5 @@
 {{- $root := . -}}
-{{- if  index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
+{{- if index .Values "postgresql-ha" "initDbScriptSecret" "enabled" }}
 ---
 apiVersion: v1
 metadata:
@@ -14,3 +14,18 @@ type: Opaque
 data:
   users_creation.sh: {{ include "openwifi.user_creation_script" . | b64enc | quote }}
 {{- end }}
+{{- if index .Values "postgresql" "initDbScriptSecret" "enabled" }}
+---
+apiVersion: v1
+metadata:
+  labels:
+    app.kubernetes.io/name: {{ include "openwifi.name" . }}
+    helm.sh/chart: {{ include "openwifi.chart" . }}
+    app.kubernetes.io/instance: {{ .Release.Name }}
+    app.kubernetes.io/managed-by: {{ .Release.Service }}
+  name: {{ include "openwifi.fullname" . }}-initdb-scripts
+kind: Secret
+type: Opaque
+data:
+  initdb.sql: {{ include "openwifi.user_creation_script_sql" . | b64enc | quote }}
+{{- end }}
diff --git a/chart/values.yaml b/chart/values.yaml
@@ -1,39 +1,34 @@
 # OpenWIFI Gateway (https://github.com/Telecominfraproject/wlan-cloud-ucentralgw/)
 owgw:
   fullnameOverride: owgw
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
 # OpenWIFI Security (https://github.com/Telecominfraproject/wlan-cloud-ucentralsec)
 owsec:
   fullnameOverride: owsec
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
 # OpenWIFI Firmware (https://github.com/Telecominfraproject/wlan-cloud-ucentralfms)
 owfms:
   fullnameOverride: owfms
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
 # OpenWIFI Provisioning (https://github.com/Telecominfraproject/wlan-cloud-owprov/)
 owprov:
   fullnameOverride: owprov
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
 # OpenWIFI Analytics (https://github.com/Telecominfraproject/wlan-cloud-analytics)
 owanalytics:
   fullnameOverride: owanalytics
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
@@ -49,39 +44,32 @@ owprovui:
 # OpenWIFI Subscription (https://github.com/Telecominfraproject/wlan-cloud-userportal/)
 owsub:
   fullnameOverride: owsub
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
 # OpenWIFI radio resource management (https://github.com/Telecominfraproject/wlan-cloud-rrm/)
 owrrm:
   fullnameOverride: owrrm
-
   mysql:
     enabled: true
 
 # kafka (https://github.com/bitnami/charts/blob/master/bitnami/kafka/)
 kafka:
   enabled: true
-
   fullnameOverride: kafka
-
   image:
     registry: docker.io
     repository: bitnami/kafka
     tag: 2.8.0-debian-10-r43
-
   minBrokerId: 100
-
   zookeeper:
     fullnameOverride: zookeeper
 
 # clustersysteminfo check
 clustersysteminfo:
   enabled: false
   delay: 0 # number of seconds to delay clustersysteminfo execution
-
   images:
     clustersysteminfo:
       repository: tip-tip-wlan-cloud-ucentral.jfrog.io/clustersysteminfo
@@ -103,51 +91,39 @@ clustersysteminfo:
     # limits:
     #  cpu: 100m
     #  memory: 128Mi
-
   nodeSelector: {}
-
   tolerations: []
-
   affinity: {}
-
   public_env_variables:
     FLAGS: "-s --connect-timeout 3"
     OWSEC: owsec-owsec:16001
     CHECK_RETRIES: 30
-
   secret_env_variables:
     OWSEC_DEFAULT_USERNAME: [email protected]
     OWSEC_DEFAULT_PASSWORD: openwifi
     #OWSEC_NEW_PASSWORD: "" # Set this value in order for the check to work. Password must comply https://github.com/Telecominfraproject/wlan-cloud-ucentralsec/#authenticationvalidationexpression
-
   activeDeadlineSeconds: 2400
   backoffLimit: 5
   restartPolicy: OnFailure
 
 # OpenWIFI Load Simulator (https://github.com/Telecominfraproject/wlan-cloud-owls)
 owls:
   enabled: false
-
   fullnameOverride: owls
-
   configProperties:
     openwifi.kafka.enable: "true"
     openwifi.kafka.brokerlist: kafka:9092
 
 # OpenWIFI Load Simulator UI (https://github.com/Telecominfraproject/wlan-cloud-owls-ui)
 owlsui:
   enabled: false
-
   fullnameOverride: owlsui
 
 # HAproxy (https://github.com/bitnami/charts/tree/master/bitnami/haproxy)
 haproxy:
   enabled: true
-
   fullnameOverride: proxy
-
-  replicaCount: 3
-
+  replicaCount: 1
   service:
     type: LoadBalancer
     ports:
@@ -428,7 +404,6 @@ haproxy:
 # Cert-manager RESTAPI certs
 restapiCerts:
   enabled: false
-
   services:
     - owgw-owgw
     - owsec-owsec
@@ -438,9 +413,22 @@ restapiCerts:
     - owanalytics-owanalytics
     - owsub-owsub
     - owrrm-owrrm
-
   clusterDomain: cluster.local
 
+postgresql:
+  enabled: false
+  nameOverride: pgsql
+  fullnameOverride: pgsql
+  initDbScriptSecret:
+    enabled: false
+    services:
+      - owgw
+      - owsec
+      - owfms
+      - owprov
+      - owanalytics
+      - owsub
+
 postgresql-ha:
   enabled: false
   nameOverride: pgsql