From ac2eccc3ee43b452e07da22c9dd1148bda3be8cc Mon Sep 17 00:00:00 2001 From: Kjeld Schouten-Lebbing Date: Thu, 23 Feb 2023 22:28:17 +0100 Subject: [PATCH] inject init into values.yaml instead --- .../templates/lib/dependencies/_dbWait.tpl | 758 ++++++++++-------- .../lib/pod/_initContainerSpawner.tpl | 6 +- library/common/templates/loader/_init.tpl | 3 + 3 files changed, 418 insertions(+), 349 deletions(-) diff --git a/library/common/templates/lib/dependencies/_dbWait.tpl b/library/common/templates/lib/dependencies/_dbWait.tpl index 3f8d2c6d..90d72b5b 100644 --- a/library/common/templates/lib/dependencies/_dbWait.tpl +++ b/library/common/templates/lib/dependencies/_dbWait.tpl @@ -1,350 +1,420 @@ -{{- define "tc.v1.common.lib.deps.wait.init" -}} -{{ $fullname := include "tc.v1.common.lib.chart.names.fullname" $ }} +{{- define "tc.v1.common.lib.deps.wait" -}} {{ if .Values.redis.enabled }} -redis-wait: -{{- $redissecret := ( printf "%s-rediscreds" $fullname ) }} - enabled: true - type: system - imageSelector: redisClientImage - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - privileged: false - seccompProfile: - type: RuntimeDefault - capabilities: - add: [] - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8Gi - env: - REDIS_HOST: - secretKeyRef: - name: rediscreds - key: plainhost - REDIS_PASSWORD: - secretKeyRef: - name: rediscreds - key: redis-password - REDIS_PORT: "6379" - command: - - "/bin/sh" - - "-c" - - | - /bin/bash <<'EOF' - echo "Executing DB waits..." - [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"; - export LIVE=false; - until "$LIVE"; - do - response=$( - timeout -s 3 2 \ - redis-cli \ - -h "$REDIS_HOST" \ - -p "$REDIS_PORT" \ - ping - ) - if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then - LIVE=true - echo "$response" - echo "Redis Responded, ending initcontainer and starting main container(s)..." - else - echo "$response" - echo "Redis not responding... Sleeping for 10 sec..." - sleep 10 - fi; - done - EOF -{{ end }} -{{ if .Values.mariadb.enabled }} -mariadb-wait: - enabled: true - type: system - imageSelector: mariadbClientImage - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - privileged: false - seccompProfile: - type: RuntimeDefault - capabilities: - add: [] - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8Gi - env: - MARIADB_HOST: - secretKeyRef: - name: mariadbcreds - key: plainhost - MARIADB_ROOT_PASSWORD: - secretKeyRef: - name: mariadbcreds - key: mariadb-root-password - command: - - "/bin/sh" - - "-c" - - | - /bin/bash <<'EOF' - echo "Executing DB waits..." - until - mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \ - && mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status; - do sleep 2; - done - EOF -{{ end }} -{{ if .Values.mongodb.enabled }} -mongodb-wait: - enabled: true - type: system - imageSelector: mongodbClientImage - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - privileged: false - seccompProfile: - type: RuntimeDefault - capabilities: - add: [] - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8Gi - env: - MONGODB_HOST: - secretKeyRef: - name: mongodbcreds - key: plainhost - MONGODB_DATABASE: "{{ .Values.mongodb.mongodbDatabase }}" - command: - - "/bin/sh" - - "-c" - - | - /bin/bash <<'EOF' - echo "Executing DB waits..." - until - HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet; - do sleep 2; - done - EOF -{{ end }} -{{ if .Values.clickhouse.enabled }} -clickhouse-wait: - enabled: true - type: system - imageSelector: alpineImage - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - privileged: false - seccompProfile: - type: RuntimeDefault - capabilities: - add: [] - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8Gi - env: - CLICKHOUSE_PING: - secretKeyRef: - name: "clickhousecreds" - key: ping - command: - - "/bin/sh" - - "-c" - - | - /bin/bash <<'EOF' - echo "Executing DB waits..." - until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do - echo "ClickHouse - no response. Sleeping 2 seconds..." - sleep 2 - done - echo "ClickHouse - accepting connections" - EOF -{{ end }} -{{ if .Values.solr.enabled }} -solr-wait: - enabled: true - type: system - imageSelector: wgetImage - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - privileged: false - seccompProfile: - type: RuntimeDefault - capabilities: - add: [] - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8Gi - env: - SOLR_HOST: - secretKeyRef: - name: solrcreds - key: plainhost - SOLR_CORES: "{{ .Values.solr.solrCores }}" - SOLR_ENABLE_AUTHENTICATION: "{{ .Values.solr.solrEnableAuthentication }}" - SOLR_ADMIN_USERNAME: "{{ .Values.solr.solrUsername }}" - SOLR_ADMIN_PASSWORD: - secretKeyRef: - name: solrcreds - key: solr-password +{{- $container := include "tc.v1.common.lib.deps.wait.redis" $ | fromYaml -}} +{{- if $container -}} + {{- range .Values.workload -}} + {{- $_ := set .podSpec.initContainers "redis-wait" $container -}} + {{- end }} +{{- end -}} +{{- end }} + + +{{ if .Values.mariadb.enabled }} +{{- $container := include "tc.v1.common.lib.deps.wait.mariadb" $ | fromYaml -}} +{{- if $container -}} + {{- range .Values.workload -}} + {{- $_ := set .podSpec.initContainers "mariadb-wait" $container -}} + {{- end }} +{{- end -}} +{{- end }} + +{{ if .Values.mongodb.enabled }} +{{- $container := include "tc.v1.common.lib.deps.wait.mongodb" $ | fromYaml -}} +{{- if $container -}} + {{- range .Values.workload -}} + {{- $_ := set .podSpec.initContainers "mongodb-wait" $container -}} + {{- end }} +{{- end -}} +{{- end }} + +{{ if .Values.clickhouse.enabled }} +{{- $container := include "tc.v1.common.lib.deps.wait.clickhouse" $ | fromYaml -}} +{{- if $container -}} + {{- range .Values.workload -}} + {{- $_ := set .podSpec.initContainers "clickhouse-wait" $container -}} + {{- end }} +{{- end -}} +{{- end }} + +{{ if .Values.solr.enabled }} +{{- $container := include "tc.v1.common.lib.deps.wait.solr" $ | fromYaml -}} +{{- if $container -}} + {{- range .Values.workload -}} + {{- $_ := set .podSpec.initContainers "solr-wait" $container -}} + {{- end }} +{{- end -}} +{{- end }} - command: - - "/bin/sh" - - "-c" - - | - /bin/bash <<'EOF' - echo "Executing DB waits..." - if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then - until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do - echo "Solr is not responding... Sleeping 2 seconds..." - sleep 2 - done - else - until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do - echo "Solr is not responding... Sleeping 2 seconds..." - sleep 2 - done - fi; - EOF -{{ end }} {{ if .Values.postgresql.enabled }} -postgresql-wait: - enabled: true - type: system - imageSelector: postgresClientImage - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - privileged: false - seccompProfile: - type: RuntimeDefault - capabilities: - add: [] - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8Gi - command: - - "/bin/sh" - - "-c" - - | - /bin/sh <<'EOF' - echo "Executing DB waits..." - {{- $pghost := printf "%v-%v" .Release.Name "postgresql" }} - until - pg_isready -U {{ .Values.postgresql.postgresqlUsername }} -h {{ $pghost }} - do sleep 2 - done - EOF -{{ end }} +{{- $container := include "tc.v1.common.lib.deps.wait.postgresql" $ | fromYaml -}} +{{- if $container -}} + {{- range .Values.workload -}} + {{- $_ := set .podSpec.initContainers "postgresql-wait" $container -}} + {{- end }} +{{- end -}} +{{- end }} + {{ $result := false }}{{ range .Values.cnpg }}{{ if .enabled }}{{ $result = true }}{{ end }}{{ end }} {{ if $result }} -cnpg-wait: - enabled: true - type: system - imageSelector: postgresClientImage - securityContext: - runAsUser: 568 - runAsGroup: 568 - readOnlyRootFilesystem: true - runAsNonRoot: true - allowPrivilegeEscalation: false - privileged: false - seccompProfile: - type: RuntimeDefault - capabilities: - add: [] - drop: - - ALL - resources: - requests: - cpu: 10m - memory: 50Mi - limits: - cpu: 4000m - memory: 8Gi - command: - - "/bin/sh" - - "-c" - - | - /bin/sh <<'EOF' - {{ range $name, $cnpg := .Values.cnpg }} - {{ if $cnpg.enabled }} - echo "Executing DB waits..." - {{ $cnpgName := include "tc.v1.common.lib.chart.names.fullname" $ }} - {{ $cnpgName = printf "%v-%v" $cnpgName $name }} - until - pg_isready -U {{ .user }} -h {{ $cnpgName }}-{{ $cnpgName }} - do sleep 2 - done - until - pg_isready -U {{ .user }} -h {{ $cnpgName }}-{{ $cnpgName }}-rw - do sleep 2 - done - {{ if $cnpg.acceptRO }} - until - pg_isready -U {{ .user }} -h {{ $cnpgName }}-{{ $cnpgName }}-ro - do sleep 2 - done - {{ end }} - {{ end }} - {{ end }} - EOF -{{ end }} +{{- $container := include "tc.v1.common.lib.deps.wait.cnpg" $ | fromYaml -}} +{{- if $container -}} + {{- range $.Values.workload -}} + {{- if and .enabled .podSpec }} + {{- $_ := set .podSpec.initContainers "cnpg-wait" $container -}} + {{- end }} + {{- end }} +{{- end -}} +{{- end }} + +{{- end -}} + +{{- define "tc.v1.common.lib.deps.wait.redis" -}} +{{ $fullname := include "tc.v1.common.lib.chart.names.fullname" $ }} +{{- $redissecret := ( printf "%s-rediscreds" $fullname ) }} +enabled: true +type: system +imageSelector: redisClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi +env: + REDIS_HOST: + secretKeyRef: + name: rediscreds + key: plainhost + REDIS_PASSWORD: + secretKeyRef: + name: rediscreds + key: redis-password + REDIS_PORT: "6379" +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." + [[ -n "$REDIS_PASSWORD" ]] && export REDISCLI_AUTH="$REDIS_PASSWORD"; + export LIVE=false; + until "$LIVE"; + do + response=$( + timeout -s 3 2 \ + redis-cli \ + -h "$REDIS_HOST" \ + -p "$REDIS_PORT" \ + ping + ) + if [ "$response" == "PONG" ] || [ "$response" == "LOADING Redis is loading the dataset in memory" ]; then + LIVE=true + echo "$response" + echo "Redis Responded, ending initcontainer and starting main container(s)..." + else + echo "$response" + echo "Redis not responding... Sleeping for 10 sec..." + sleep 10 + fi; + done + EOF +{{ end }} + + +{{- define "tc.v1.common.lib.deps.wait.mariadb" -}} +enabled: true +type: system +imageSelector: mariadbClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi +env: + MARIADB_HOST: + secretKeyRef: + name: mariadbcreds + key: plainhost + MARIADB_ROOT_PASSWORD: + secretKeyRef: + name: mariadbcreds + key: mariadb-root-password +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." + until + mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" ping \ + && mysqladmin -uroot -h"${MARIADB_HOST}" -p"${MARIADB_ROOT_PASSWORD}" status; + do sleep 2; + done + EOF +{{ end }} + + +{{- define "tc.v1.common.lib.deps.wait.mongodb" -}} +enabled: true +type: system +imageSelector: mongodbClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi +env: + MONGODB_HOST: + secretKeyRef: + name: mongodbcreds + key: plainhost + MONGODB_DATABASE: "{{ .Values.mongodb.mongodbDatabase }}" +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." + until + HOME=/config && echo "db.runCommand(\"ping\")" | mongosh --host ${MONGODB_HOST} --port 27017 ${MONGODB_DATABASE} --quiet; + do sleep 2; + done + EOF +{{ end }} + + +{{- define "tc.v1.common.lib.deps.wait.clickhouse" -}} +enabled: true +type: system +imageSelector: alpineImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi +env: + CLICKHOUSE_PING: + secretKeyRef: + name: "clickhousecreds" + key: ping +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." + until wget --quiet --tries=1 --spider "${CLICKHOUSE_PING}"; do + echo "ClickHouse - no response. Sleeping 2 seconds..." + sleep 2 + done + echo "ClickHouse - accepting connections" + EOF +{{ end }} + +{{- define "tc.v1.common.lib.deps.wait.solr" -}} +enabled: true +type: system +imageSelector: wgetImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi +env: + SOLR_HOST: + secretKeyRef: + name: solrcreds + key: plainhost + SOLR_CORES: "{{ .Values.solr.solrCores }}" + SOLR_ENABLE_AUTHENTICATION: "{{ .Values.solr.solrEnableAuthentication }}" + SOLR_ADMIN_USERNAME: "{{ .Values.solr.solrUsername }}" + SOLR_ADMIN_PASSWORD: + secretKeyRef: + name: solrcreds + key: solr-password + +command: + - "/bin/sh" + - "-c" + - | + /bin/bash <<'EOF' + echo "Executing DB waits..." + if [ "$SOLR_ENABLE_AUTHENTICATION" == "yes" ]; then + until curl --fail --user "${SOLR_ADMIN_USERNAME}":"${SOLR_ADMIN_PASSWORD}" "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do + echo "Solr is not responding... Sleeping 2 seconds..." + sleep 2 + done + else + until curl --fail "${SOLR_HOST}":8983/solr/"${SOLR_CORES}"/admin/ping; do + echo "Solr is not responding... Sleeping 2 seconds..." + sleep 2 + done + fi; + EOF +{{ end }} + +{{- define "tc.v1.common.lib.deps.wait.postgresql" -}} +enabled: true +type: system +imageSelector: postgresClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi +command: + - "/bin/sh" + - "-c" + - | + /bin/sh <<'EOF' + echo "Executing DB waits..." + {{- $pghost := printf "%v-%v" .Release.Name "postgresql" }} + until + pg_isready -U {{ .Values.postgresql.postgresqlUsername }} -h {{ $pghost }} + do sleep 2 + done + EOF +{{ end }} + + +{{- define "tc.v1.common.lib.deps.wait.cnpg" -}} +enabled: true +type: system +imageSelector: postgresClientImage +securityContext: + runAsUser: 568 + runAsGroup: 568 + readOnlyRootFilesystem: true + runAsNonRoot: true + allowPrivilegeEscalation: false + privileged: false + seccompProfile: + type: RuntimeDefault + capabilities: + add: [] + drop: + - ALL +resources: + requests: + cpu: 10m + memory: 50Mi + limits: + cpu: 4000m + memory: 8Gi +command: + - "/bin/sh" + - "-c" + - | + /bin/sh <<'EOF' + {{ range $name, $cnpg := .Values.cnpg }} + {{ if $cnpg.enabled }} + echo "Executing DB waits..." + {{ $cnpgName := include "tc.v1.common.lib.chart.names.fullname" $ }} + {{ $cnpgName = printf "%v-%v" $cnpgName $name }} + until + pg_isready -U {{ .user }} -h {{ $cnpgName }}-{{ $cnpgName }} + do sleep 2 + done + until + pg_isready -U {{ .user }} -h {{ $cnpgName }}-{{ $cnpgName }}-rw + do sleep 2 + done + {{ if $cnpg.acceptRO }} + until + pg_isready -U {{ .user }} -h {{ $cnpgName }}-{{ $cnpgName }}-ro + do sleep 2 + done + {{ end }} + {{ end }} + {{ end }} + EOF {{- end -}} diff --git a/library/common/templates/lib/pod/_initContainerSpawner.tpl b/library/common/templates/lib/pod/_initContainerSpawner.tpl index 9c43b26e..a7da12bc 100644 --- a/library/common/templates/lib/pod/_initContainerSpawner.tpl +++ b/library/common/templates/lib/pod/_initContainerSpawner.tpl @@ -14,12 +14,8 @@ objectData: The object data to be used to render the Pod. "upgrade" list) -}} {{- $types := (list "system" "init" "install" "upgrade") -}} - {{- $dbWait := include "tc.v1.common.lib.deps.wait.init" $rootCtx | fromYaml -}} - {{- $mergedContainers := $objectData.podSpec.initContainers -}} - {{- if $objectData.dbWait -}} - {{- $mergedContainers = merge $mergedContainers $dbWait -}} - {{- end -}} + {{- $mergedContainers := $objectData.podSpec.initContainers -}} {{- range $containerName, $containerValues := $mergedContainers -}} diff --git a/library/common/templates/loader/_init.tpl b/library/common/templates/loader/_init.tpl index 54e5f3e8..c08d18c8 100644 --- a/library/common/templates/loader/_init.tpl +++ b/library/common/templates/loader/_init.tpl @@ -40,4 +40,7 @@ {{- include "tc.v1.common.addon.netshoot" . }} {{- end -}} + {{/* Append database wait containers to pods */}} + {{- include "tc.v1.common.lib.deps.wait" $ }} + {{- end -}}