diff --git a/helm/reana/templates/database-secrets.yaml b/helm/reana/templates/database-secrets.yaml new file mode 100644 index 00000000..ea6efd92 --- /dev/null +++ b/helm/reana/templates/database-secrets.yaml @@ -0,0 +1,11 @@ +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "reana.prefix" . }}-db-secrets + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/resource-policy": keep +type: Opaque +data: + user: {{ .Values.secrets.database.user | default "reana" | b64enc }} + password: {{ .Values.secrets.database.password | default "reana" | b64enc }} diff --git a/helm/reana/templates/pgbouncer-config.yaml b/helm/reana/templates/pgbouncer-config.yaml new file mode 100644 index 00000000..8454fa20 --- /dev/null +++ b/helm/reana/templates/pgbouncer-config.yaml @@ -0,0 +1,22 @@ + +{{- if .Values.pgbouncer.enabled }} +apiVersion: v1 +kind: ConfigMap +metadata: + name: {{ include "reana.prefix" . }}-pgbouncer-config + namespace: {{ .Release.Namespace }} +data: + PGBOUNCER_POOL_MODE: {{ .Values.pgbouncer.pool_mode | quote }} + PGBOUNCER_MAX_CLIENT_CONN: {{ .Values.pgbouncer.max_client_conn | quote }} + PGBOUNCER_MAX_DB_CONNECTIONS: {{ .Values.pgbouncer.max_db_connections | quote }} + PGBOUNCER_DEFAULT_POOL_SIZE: {{ .Values.pgbouncer.max_db_connections | quote }} + {{- if .Values.components.reana_db.enabled }} + PGBOUNCER_DATABASE: reana + POSTGRESQL_HOST: {{ include "reana.prefix" . }}-db + POSTGRESQL_PORT: "5432" + {{- else }} + PGBOUNCER_DATABASE: {{ .Values.db_env_config.REANA_DB_NAME | quote }} + POSTGRESQL_HOST: {{ .Values.db_env_config.REANA_DB_HOST | quote }} + POSTGRESQL_PORT: {{ .Values.db_env_config.REANA_DB_PORT | quote }} + {{- end }} +{{- end }} diff --git a/helm/reana/templates/pgbouncer-secrets.yaml b/helm/reana/templates/pgbouncer-secrets.yaml new file mode 100644 index 00000000..a46a7156 --- /dev/null +++ b/helm/reana/templates/pgbouncer-secrets.yaml @@ -0,0 +1,12 @@ +{{- if .Values.pgbouncer.enabled }} +apiVersion: v1 +kind: Secret +metadata: + name: {{ include "reana.prefix" . }}-pgbouncer-secrets + namespace: {{ .Release.Namespace }} + annotations: + "helm.sh/resource-policy": keep +type: Opaque +data: + userlist: {{ printf "%s %s" (.Values.secrets.database.user | default "reana" | quote) (.Values.secrets.database.password | default "reana" | quote) | b64enc}} +{{- end }} diff --git a/helm/reana/templates/pgbouncer.yaml b/helm/reana/templates/pgbouncer.yaml index c43b1dfd..842a12b9 100644 --- a/helm/reana/templates/pgbouncer.yaml +++ b/helm/reana/templates/pgbouncer.yaml @@ -13,26 +13,6 @@ spec: targetPort: 6432 protocol: TCP --- -apiVersion: v1 -kind: ConfigMap -metadata: - name: {{ include "reana.prefix" . }}-pgbouncer-conf - namespace: {{ .Release.Namespace }} -data: - PGBOUNCER_POOL_MODE: {{ .Values.pgbouncer.pool_mode | quote }} - PGBOUNCER_MAX_CLIENT_CONN: {{ .Values.pgbouncer.max_client_conn | quote }} - PGBOUNCER_MAX_DB_CONNECTIONS: {{ .Values.pgbouncer.max_db_connections | quote }} - PGBOUNCER_DEFAULT_POOL_SIZE: {{ .Values.pgbouncer.max_db_connections | quote }} - {{- if .Values.components.reana_db.enabled }} - PGBOUNCER_DATABASE: reana - POSTGRESQL_HOST: {{ include "reana.prefix" . }}-db - POSTGRESQL_PORT: "5432" - {{- else }} - PGBOUNCER_DATABASE: {{ .Values.db_env_config.REANA_DB_NAME | quote }} - POSTGRESQL_HOST: {{ .Values.db_env_config.REANA_DB_HOST | quote }} - POSTGRESQL_PORT: {{ .Values.db_env_config.REANA_DB_PORT | quote }} - {{- end }} ---- apiVersion: apps/v1 kind: Deployment metadata: @@ -47,6 +27,10 @@ spec: metadata: labels: app: {{ include "reana.prefix" . }}-pgbouncer + annotations: + checksum/pgbouncer-config: {{ include (print $.Template.BasePath "/pgbouncer-config.yaml") . | sha256sum }} + checksum/pgbouncer-secrets: {{ include (print $.Template.BasePath "/pgbouncer-secrets.yaml") . | sha256sum }} + checksum/database-secrets: {{ include (print $.Template.BasePath "/database-secrets.yaml") . | sha256sum }} spec: containers: - name: pgbouncer @@ -55,7 +39,7 @@ spec: - containerPort: 6432 envFrom: - configMapRef: - name: {{ include "reana.prefix" . }}-pgbouncer-conf + name: {{ include "reana.prefix" . }}-pgbouncer-config env: - name: POSTGRESQL_USERNAME valueFrom: diff --git a/helm/reana/templates/reana-server.yaml b/helm/reana/templates/reana-server.yaml index b460f73e..df723d26 100644 --- a/helm/reana/templates/reana-server.yaml +++ b/helm/reana/templates/reana-server.yaml @@ -28,6 +28,9 @@ spec: metadata: labels: app: {{ include "reana.prefix" . }}-server + annotations: + checksum/database-config: {{ include (print $.Template.BasePath "/database-config.yaml") . | sha256sum }} + checksum/database-secrets: {{ include (print $.Template.BasePath "/database-secrets.yaml") . | sha256sum }} spec: serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }} containers: diff --git a/helm/reana/templates/reana-workflow-controller.yaml b/helm/reana/templates/reana-workflow-controller.yaml index b7f06884..b18429e3 100644 --- a/helm/reana/templates/reana-workflow-controller.yaml +++ b/helm/reana/templates/reana-workflow-controller.yaml @@ -45,6 +45,9 @@ spec: metadata: labels: app: {{ include "reana.prefix" . }}-workflow-controller + annotations: + checksum/database-config: {{ include (print $.Template.BasePath "/database-config.yaml") . | sha256sum }} + checksum/database-secrets: {{ include (print $.Template.BasePath "/database-secrets.yaml") . | sha256sum }} spec: serviceAccountName: {{ include "reana.prefixed_infrastructure_svaccount_name" . }} containers: diff --git a/helm/reana/templates/secrets.yaml b/helm/reana/templates/secrets.yaml index 92c689d0..b211ab5c 100644 --- a/helm/reana/templates/secrets.yaml +++ b/helm/reana/templates/secrets.yaml @@ -1,31 +1,6 @@ --- apiVersion: v1 kind: Secret -metadata: - name: {{ include "reana.prefix" . }}-db-secrets - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep -type: Opaque -data: - user: {{ .Values.secrets.database.user | default "reana" | b64enc }} - password: {{ .Values.secrets.database.password | default "reana" | b64enc }} -{{- if .Values.pgbouncer.enabled }} ---- -apiVersion: v1 -kind: Secret -metadata: - name: {{ include "reana.prefix" . }}-pgbouncer-secrets - namespace: {{ .Release.Namespace }} - annotations: - "helm.sh/resource-policy": keep -type: Opaque -data: - userlist: {{ printf "%s %s" (.Values.secrets.database.user | default "reana" | quote) (.Values.secrets.database.password | default "reana" | quote) | b64enc}} -{{- end }} ---- -apiVersion: v1 -kind: Secret metadata: name: {{ include "reana.prefix" . }}-cern-sso-secrets namespace: {{ .Release.Namespace }}