From 4b76d8dc14f3d0951c17cdb3080781633d2f04ac Mon Sep 17 00:00:00 2001
From: George Taylor <george.taylor@digital.justice.gov.uk>
Date: Fri, 10 Jan 2025 10:21:58 +0000
Subject: [PATCH] chore: add helm chart for migration of db (delius core in CP)
 (#477)

* chore: add helm chart for migration of db

* fix: split resources
---
 helm/migrate-db/Chart.yaml                |  5 ++
 helm/migrate-db/templates/config-map.yaml | 25 +++++++
 helm/migrate-db/templates/job.yaml        | 84 +++++++++++++++++++++++
 3 files changed, 114 insertions(+)
 create mode 100644 helm/migrate-db/Chart.yaml
 create mode 100644 helm/migrate-db/templates/config-map.yaml
 create mode 100644 helm/migrate-db/templates/job.yaml

diff --git a/helm/migrate-db/Chart.yaml b/helm/migrate-db/Chart.yaml
new file mode 100644
index 00000000..46985323
--- /dev/null
+++ b/helm/migrate-db/Chart.yaml
@@ -0,0 +1,5 @@
+apiVersion: v2
+appVersion: 0.1
+version: 0.0.1
+description: A Helm chart for deploying a job to migrate DB data
+name: migrate-db
diff --git a/helm/migrate-db/templates/config-map.yaml b/helm/migrate-db/templates/config-map.yaml
new file mode 100644
index 00000000..c94e21b4
--- /dev/null
+++ b/helm/migrate-db/templates/config-map.yaml
@@ -0,0 +1,25 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: migrate-db-script
+data:
+  entrypoint.sh: |-
+    #!/bin/bash
+    set -e
+    echo "${SRC_DB_HOST}:5432:${SRC_DB_NAME}:${SRC_DB_USER}:${SRC_DB_PASS}" > ~/.pgpass
+    echo "${DST_DB_HOST}:5432:${DST_DB_NAME}:${DST_DB_USER}:${DST_DB_PASS}" >> ~/.pgpass
+    chmod 0600 ~/.pgpass
+    chown job:job ~/.pgpass
+    set -x
+
+    # Dump the source database
+    pg_dump --jobs=4 --host="$SRC_DB_HOST" --username="$SRC_DB_USER" --dbname="$SRC_DB_NAME" --no-owner --no-privileges --verbose --format=directory --file=/home/job/db-dump
+
+    psql --host="$DST_DB_HOST" --username="$DST_DB_USER" --dbname="$DST_DB_NAME" -c "drop schema if exists public cascade;"
+
+    psql --host="$DST_DB_HOST" --username="$DST_DB_USER" --dbname="$DST_DB_NAME" -c "create schema public;"
+
+    # Restore the source database dump to the destination database
+    pg_restore --jobs=4 --host="$DST_DB_HOST" --username="$DST_DB_USER" --dbname="$DST_DB_NAME" --no-owner --no-privileges --verbose /home/job/db-dump
+    rm -rv /home/job/db-dump ~/.pgpass
diff --git a/helm/migrate-db/templates/job.yaml b/helm/migrate-db/templates/job.yaml
new file mode 100644
index 00000000..674941f7
--- /dev/null
+++ b/helm/migrate-db/templates/job.yaml
@@ -0,0 +1,84 @@
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: migrate-db
+spec:
+  template:
+    spec:
+      containers:
+        - name: migrate-db
+          image: ghcr.io/ministryofjustice/hmpps-delius-alfresco-db-utils:latest # move this image to this repo
+          imagePullPolicy: IfNotPresent
+          resources:
+            limits:
+              cpu: 4
+              memory: 2Gi
+          command:
+            - /bin/entrypoint.sh
+          env:
+            - name: SRC_DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: legacy-rds-instance-{{ .Values.component }}
+                  key: DATABASE_NAME
+            - name: SRC_DB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: legacy-rds-instance-{{ .Values.component }}
+                  key: DATABASE_USERNAME
+            - name: SRC_DB_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: legacy-rds-instance-{{ .Values.component }}
+                  key: DATABASE_PASSWORD
+            - name: SRC_DB_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: legacy-rds-instance-{{ .Values.component }}
+                  key: RDS_INSTANCE_ADDRESS
+            - name: DST_DB_NAME
+              valueFrom:
+                secretKeyRef:
+                  name: rds-instance-output-{{ .Values.component }}
+                  key: DATABASE_NAME
+            - name: DST_DB_USER
+              valueFrom:
+                secretKeyRef:
+                  name: rds-instance-output-{{ .Values.component }}
+                  key: DATABASE_USERNAME
+            - name: DST_DB_PASS
+              valueFrom:
+                secretKeyRef:
+                  name: rds-instance-output-{{ .Values.component }}
+                  key: DATABASE_PASSWORD
+            - name: DST_DB_HOST
+              valueFrom:
+                secretKeyRef:
+                  name: rds-instance-output-{{ .Values.component }}
+                  key: RDS_INSTANCE_ADDRESS
+          volumeMounts:
+            - name: migrate-db-script
+              mountPath: /bin/entrypoint.sh
+              readOnly: true
+              subPath: entrypoint.sh
+          securityContext:
+            allowPrivilegeEscalation: false
+            privileged: false
+            readOnlyRootFilesystem: false
+            runAsNonRoot: true
+            runAsUser: 999
+            capabilities:
+              drop:
+                - ALL
+            seccompProfile:
+              type: RuntimeDefault
+      serviceAccount: hmpps-migration-{{ .Values.environment }}
+      serviceAccountName: hmpps-migration-{{ .Values.environment }}
+      restartPolicy: Never
+      volumes:
+        - name: migrate-db-script
+          configMap:
+            name: migrate-db-script
+            defaultMode: 0755
+  backoffLimit: 0