🐛 Fix migration helm jobs + add stage env (#96)
* 🐛 Fix migration helm jobs

* 🎉 add stage environment

* Update job.yaml
georgepstaylor authored Sep 4, 2024
1 parent 7457f4e commit 59de785
Showing 9 changed files with 224 additions and 79 deletions.
155 changes: 81 additions & 74 deletions jobs/migrate-db/templates/job.yaml
@@ -10,11 +10,19 @@ data:
echo "${SRC_DB_HOST}:5432:${SRC_DB_NAME}:${SRC_DB_USER}:${SRC_DB_PASS}" > ~/.pgpass
echo "${DST_DB_HOST}:5432:${DST_DB_NAME}:${DST_DB_USER}:${DST_DB_PASS}" >> ~/.pgpass
chmod 0600 ~/.pgpass
chown job:job ~/.pgpass
set -x
pg_dump --jobs=4 --host="$SRC_DB_HOST" --username="$SRC_DB_USER" --dbname="$SRC_DB_NAME" --no-owner --no-privileges --verbose --format=directory --file=/tmp/db-dump
pg_restore --jobs=4 --host="$DST_DB_HOST" --username="$DST_DB_USER" --dbname="$DST_DB_NAME" --clean --if-exists --no-owner --no-privileges --verbose /tmp/db-dump
rm -rv /tmp/db-dump ~/.pgpass
# Dump the source database
pg_dump --jobs=4 --host="$SRC_DB_HOST" --username="$SRC_DB_USER" --dbname="$SRC_DB_NAME" --no-owner --no-privileges --verbose --format=directory --file=/home/job/db-dump
psql --host="$DST_DB_HOST" --username="$DST_DB_USER" --dbname="$DST_DB_NAME" -c "drop schema if exists public cascade;"
psql --host="$DST_DB_HOST" --username="$DST_DB_USER" --dbname="$DST_DB_NAME" -c "create schema public;"
# Restore the source database dump to the destination database
pg_restore --jobs=4 --host="$DST_DB_HOST" --username="$DST_DB_USER" --dbname="$DST_DB_NAME" --no-owner --no-privileges --verbose /home/job/db-dump
rm -rv /home/job/db-dump ~/.pgpass
---
apiVersion: batch/v1
kind: Job
@@ -24,79 +32,78 @@ spec:
template:
spec:
containers:
- name: migrate-db
image: postgres:14
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 4
memory: 2Gi
command:
- /bin/entrypoint.sh
env:
- name: SRC_DB_NAME
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: DATABASE_NAME
- name: SRC_DB_USER
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: DATABASE_USERNAME
- name: SRC_DB_PASS
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: DATABASE_PASSWORD
- name: SRC_DB_HOST
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: RDS_INSTANCE_ADDRESS
- name: DST_DB_NAME
valueFrom:
secretKeyRef:
name: rds-instance-output
key: DATABASE_NAME
- name: DST_DB_USER
valueFrom:
secretKeyRef:
name: rds-instance-output
key: DATABASE_USERNAME
- name: DST_DB_PASS
valueFrom:
secretKeyRef:
name: rds-instance-output
key: DATABASE_PASSWORD
- name: DST_DB_HOST
valueFrom:
secretKeyRef:
name: rds-instance-output
key: RDS_INSTANCE_ADDRESS
volumeMounts:
- name: migrate-db-script
mountPath: /bin/entrypoint.sh
readOnly: true
subPath: entrypoint.sh
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 999
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
- name: migrate-db
image: ghcr.io/ministryofjustice/hmpps-delius-alfresco-db-utils:latest
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 4
memory: 2Gi
command:
- /bin/entrypoint.sh
env:
- name: SRC_DB_NAME
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: DATABASE_NAME
- name: SRC_DB_USER
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: DATABASE_USERNAME
- name: SRC_DB_PASS
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: DATABASE_PASSWORD
- name: SRC_DB_HOST
valueFrom:
secretKeyRef:
name: legacy-rds-instance
key: RDS_INSTANCE_ADDRESS
- name: DST_DB_NAME
valueFrom:
secretKeyRef:
name: rds-instance-output
key: DATABASE_NAME
- name: DST_DB_USER
valueFrom:
secretKeyRef:
name: rds-instance-output
key: DATABASE_USERNAME
- name: DST_DB_PASS
valueFrom:
secretKeyRef:
name: rds-instance-output
key: DATABASE_PASSWORD
- name: DST_DB_HOST
valueFrom:
secretKeyRef:
name: rds-instance-output
key: RDS_INSTANCE_ADDRESS
volumeMounts:
- name: migrate-db-script
mountPath: /bin/entrypoint.sh
readOnly: true
subPath: entrypoint.sh
securityContext:
allowPrivilegeEscalation: false
privileged: false
readOnlyRootFilesystem: false
runAsNonRoot: true
runAsUser: 999
capabilities:
drop:
- ALL
seccompProfile:
type: RuntimeDefault
serviceAccount: hmpps-migration-{{ .Values.environment }}
serviceAccountName: hmpps-migration-{{ .Values.environment }}
restartPolicy: Never
volumes:
- name: migrate-db-script
configMap:
name: migrate-db-script
defaultMode: 0755
- name: migrate-db-script
configMap:
name: migrate-db-script
defaultMode: 0755
backoffLimit: 0
...
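Review bot: A mutable `:latest` tag combined with `imagePullPolicy: IfNotPresent` on the migrate-db container means the job that receives both databases' credentials runs whatever image a node last cached under that tag, so runs are neither reproducible nor auditable. Pin the image to a release tag or digest, e.g. `image: ghcr.io/ministryofjustice/hmpps-delius-alfresco-db-utils:<release-tag>@sha256:<digest>` (placeholders); the same applies to jobs/refresh-db/templates/job.yaml, which appears to move from a build-specific tag to `latest`. In the script hunk, the new `drop schema if exists public cascade;` step runs between the dump and the restore, and the script's opening lines are outside the hunk, so confirm `set -e` is in effect there (the migrate-s3 script uses `set -xe`); otherwise a failed `pg_dump` would still reach the drop. `runAsUser: 999` is carried over from the `postgres:14` setup, so it is worth checking that it matches the `job` user that owns `/home/job` in the new image.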
8 changes: 4 additions & 4 deletions jobs/migrate-s3/templates/job.yaml
@@ -9,9 +9,9 @@ data:
set -xe
aws configure set default.s3.max_concurrent_requests 2000
aws configure set default.s3.use_accelerate_endpoint true
# aws configure set default.s3.use_accelerate_endpoint true
aws s3 sync s3://$SRC_BUCKET/$DIR s3://$DST_BUCKET/$DIR --delete --only-show-errors
aws s3 sync s3://$SRC_BUCKET/$DIR s3://$DST_BUCKET/$DIR --delete --only-show-errors --region eu-west-2
echo sync of $DIR directory completed
{{- range .Values.dirs }}
@@ -29,8 +29,8 @@ spec:
imagePullPolicy: IfNotPresent
resources:
limits:
cpu: 4
memory: 8Gi
cpu: 2
memory: 4Gi
command:
- /bin/entrypoint.sh
env:
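Review bot: On the rewritten sync line, `$SRC_BUCKET`, `$DST_BUCKET` and `$DIR` are expanded unquoted in a command that passes `--delete`, so an empty or space-containing `DIR` would change which destination prefix is synced and pruned. Quote the URLs and fail on an unset directory, e.g. `aws s3 sync "s3://${SRC_BUCKET}/${DIR:?}" "s3://${DST_BUCKET}/${DIR:?}" --delete --only-show-errors --region eu-west-2`. The commented-out `use_accelerate_endpoint` line would be clearer either deleted or given a comment saying why acceleration is off. The script and the container spec both continue outside the hunks shown.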
2 changes: 1 addition & 1 deletion jobs/refresh-db/templates/job.yaml
@@ -48,7 +48,7 @@ spec:
spec:
containers:
- name: refresh-db
image: ghcr.io/ministryofjustice/hmpps-delius-alfresco-db-utils:NIT-1403-alfresco-move-away-from-long-running-github-workflows-10114657186
image: ghcr.io/ministryofjustice/hmpps-delius-alfresco-db-utils:latest
imagePullPolicy: IfNotPresent
resources:
limits:
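--- a/kustomize/stage/allowlist.yaml
+++ b/kustomize/stage/allowlist.yaml
@@ -0,0 +1,43 @@
+- "3.10.104.193" # legacy delius-stage-az1-nat-gateway
+- "3.11.26.150" # legacy delius-stage-az2-nat-gateway
+- "18.130.189.137" # legacy delius-stage-az3-nat-gateway
+- "35.178.209.113" # Cloud Platform live-1-eu-west-2a
+- "3.8.51.207" # Cloud Platform live-1-eu-west-2c
+- "35.177.252.54" # Cloud Platform live-1-eu-west-2b
+- "35.176.93.186/32" # MoJ GlobalProtect
+- "35.177.125.252/32" # MoJ VPN Gateway Proxies
+- "35.177.137.160/32" # MoJ VPN Gateway Proxies
+- "81.134.202.29/32" # MoJ VPN
+- "51.149.250.0/24" # PTTP / MoJO Production Account BYOIP CIDR range
+- "51.149.251.0/24" # PTTP / MoJO Production Account BYOIP CIDR range - PreProd
+- "213.121.161.112/28" # 102 Petty France WiFi
+- "217.33.148.210/32" # Digital studio
+- "13.43.9.198/32" # MP non_live_data-public-eu-west-2a-nat
+- "13.42.163.245/32" # MP non_live_data-public-eu-west-2b-nat
+- "18.132.208.127/32" # MP non_live_data-public-eu-west-2c-nat
+- "51.149.249.0/29" # ARK Corsham Internet Egress Exponential-E
+- "51.149.249.32/29" # ARK Corsham Internet Egress Exponential-E
+- "194.33.192.0/25" # ARK internet (DOM1)
+- "194.33.193.0/25" # ARK internet (DOM1)
+- "194.33.196.0/25" # ARK internet (DOM1)
+- "194.33.197.0/25" # ARK internet (DOM1)
+- "195.59.75.0/24" # ARK internet (DOM1)
+- "194.33.248.0/29" # ARK Corsham Internet Egress Vodafone
+- "194.33.249.0/29" # ARK Corsham Internet Egress Vodafone
+- "62.25.106.209/32" # OMNI
+- "195.92.40.49/32" # OMNI
+- "62.25.109.197/32" # Quantum
+- "195.92.38.16/28" # Quantum
+- "212.137.36.230/32" # Quantum
+- "78.33.10.50/31" # Unilink AOVPN
+- "78.33.10.52/30" # Unilink AOVPN
+- "78.33.10.56/30" # Unilink AOVPN
+- "78.33.10.60/32" # Unilink AOVPN
+- "78.33.32.99/32" # Unilink AOVPN
+- "78.33.32.100/30" # Unilink AOVPN
+- "78.33.32.104/30" # Unilink AOVPN
+- "78.33.32.108/32" # Unilink AOVPN
+- "83.98.63.176/29" # Unilink AOVPN
+- "194.75.210.216/29" # Unilink AOVPN
+- "217.138.45.109/32" # Unilink AOVPN
+- "217.138.45.110/32" # Unilink AOVPN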
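Review bot: The first six entries (`"3.10.104.193"` through `"35.177.252.54"`) are bare addresses while every other entry carries an explicit prefix length; writing them as `/32` keeps the list uniform and avoids depending on how the consumer treats a bare address. The file also has no header comment saying what consumes it. The stage ingress patches in this commit set `nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"`, so presumably this list is substituted there at deploy time; if so, a first line such as `# Source ranges joined into the ingress whitelist-source-range annotation at deploy time` would make that explicit. Since each entry grants network access to the stage ingresses, a note on who owns each range and when it was last confirmed would help future pruning.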
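--- a/kustomize/stage/kustomization.yaml
+++ b/kustomize/stage/kustomization.yaml
@@ -0,0 +1,9 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+
+resources:
+- ../base
+
+patches:
+- path: patch-ingress-repository.yaml
+- path: patch-ingress-share.yaml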
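--- a/kustomize/stage/patch-ingress-repository.yaml
+++ b/kustomize/stage/patch-ingress-repository.yaml
@@ -0,0 +1,29 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: alfresco-content-services-alfresco-cs-repository
+annotations:
+external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-repository-hmpps-delius-alfresco-test-green
+nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
+spec:
+rules:
+- host: hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk
+http:
+paths:
+- backend:
+service:
+name: alfresco-content-services-alfresco-cs-repository
+port:
+number: 80
+path: /
+pathType: Prefix
+- backend:
+service:
+name: alfresco-content-services-alfresco-cs-repository
+port:
+number: 80
+path: /api-explorer
+pathType: Prefix
+tls:
+- hosts:
+- hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk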
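Review bot: This patch lives under kustomize/stage, but its rule host, TLS host and external-dns set-identifier all name the test environment (`hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk`, `...-hmpps-delius-alfresco-test-green`), so as written the stage ingress would claim the test hostname and DNS record identifier; kustomize/stage/patch-ingress-share.yaml carries the same test values. If stage is meant to have its own hostname, both files need the stage host and identifier. The `tls` entry here also has no `secretName`, whereas the share patch sets `secretName: share-ingress-cert`; if relying on a default certificate is deliberate, a comment saying so would help. Both patches set `whitelist-source-range: "placeholder"` and rely on a substitution step that is not visible in this commit, so it is worth confirming the deploy fails rather than applies the literal value when that step is skipped.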
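--- a/kustomize/stage/patch-ingress-share.yaml
+++ b/kustomize/stage/patch-ingress-share.yaml
@@ -0,0 +1,30 @@
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+name: alfresco-content-services-alfresco-cs-share
+annotations:
+external-dns.alpha.kubernetes.io/set-identifier: alfresco-content-services-alfresco-cs-share-hmpps-delius-alfresco-test-green
+nginx.ingress.kubernetes.io/whitelist-source-range: "placeholder"
+spec:
+rules:
+- host: share.hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk
+http:
+paths:
+- backend:
+service:
+name: alfresco-content-services-alfresco-cs-share
+port:
+number: 80
+path: /
+pathType: Prefix
+- backend:
+service:
+name: alfresco-content-services-alfresco-cs-share
+port:
+number: 80
+path: /share/page/
+pathType: Prefix
+tls:
+- hosts:
+- share.hmpps-delius-alfresco-test.apps.live.cloud-platform.service.justice.gov.uk
+secretName: share-ingress-cert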
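--- a/kustomize/stage/values.yaml
+++ b/kustomize/stage/values.yaml
@@ -0,0 +1,27 @@
+# this file overrides values defined in ./values.yaml
+repository:
+replicaCount: 2
+image:
+tag: release_7.3.2_elasticsearch-r5.0.2-content-latest
+resources: # requests and limits set closer together to ensure CP stability
+requests:
+cpu: 4
+memory: 16Gi
+limits:
+cpu: 6
+memory: 24Gi
+persistence:
+baseSize: 100Gi
+share:
+replicaCount: 1
+image:
+tag: release_7.3.2_elasticsearch-r5.0.2-share-latest
+externalHost: hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk
+externalProtocol: https
+externalPort: 443
+tika:
+replicaCount: 2
+resources:
+limits:
+cpu: 2
+memory: 2Gi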
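Review bot: `externalHost` under `share` is set to `hmpps-delius-alfresco-dev.apps.live.cloud-platform.service.justice.gov.uk` in the stage values, which looks copied from the dev environment; presumably Share would then build its external links against the dev host rather than stage. The header comment `# this file overrides values defined in ./values.yaml` is ambiguous from inside kustomize/stage; naming the file it overrides would help, e.g. `# overrides the chart-level values.yaml for the stage environment`, if that is what is meant. Both image tags end in `-latest`, so the deployed build can change without any change to this file; a fixed release tag would make stage deployments traceable.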
Empty file removed test.yml
Empty file.
