From f0edd5c0433f665f229e93cb94c66ea86284ddb9 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 19 Apr 2022 09:57:03 -0700 Subject: [PATCH 01/18] feat: metabase --- helm/metabase/Chart.yaml | 5 + helm/metabase/Makefile | 26 +++ helm/metabase/README.md | 76 +++++++ helm/metabase/templates/deploymentconfig.yaml | 186 ++++++++++++++++++ helm/metabase/templates/imagestream.yaml | 16 ++ .../templates/intra-project-comms.yaml | 27 +++ .../templates/persistentvolumeclaim.yaml | 14 ++ helm/metabase/templates/route.yaml | 15 ++ helm/metabase/templates/secret.yaml | 13 ++ helm/metabase/templates/service.yaml | 41 ++++ helm/metabase/templates/serviceaccount.yaml | 8 + helm/metabase/values-c6af30-tools.yaml | 2 + helm/metabase/values-eb75ad-tools.yaml | 3 + helm/metabase/values.yaml | 12 ++ 14 files changed, 444 insertions(+) create mode 100644 helm/metabase/Chart.yaml create mode 100644 helm/metabase/Makefile create mode 100644 helm/metabase/README.md create mode 100644 helm/metabase/templates/deploymentconfig.yaml create mode 100644 helm/metabase/templates/imagestream.yaml create mode 100644 helm/metabase/templates/intra-project-comms.yaml create mode 100644 helm/metabase/templates/persistentvolumeclaim.yaml create mode 100644 helm/metabase/templates/route.yaml create mode 100644 helm/metabase/templates/secret.yaml create mode 100644 helm/metabase/templates/service.yaml create mode 100644 helm/metabase/templates/serviceaccount.yaml create mode 100644 helm/metabase/values-c6af30-tools.yaml create mode 100644 helm/metabase/values-eb75ad-tools.yaml create mode 100644 helm/metabase/values.yaml diff --git a/helm/metabase/Chart.yaml b/helm/metabase/Chart.yaml new file mode 100644 index 00000000..696e7bac --- /dev/null +++ b/helm/metabase/Chart.yaml @@ -0,0 +1,5 @@ +description: | + This is a PostgreSQL backed Metabase (http://www.metabase.com/) deployment. Metabase is the easy, open source way for everyone in your company to ask questions and learn from data. +name: metabase +tags: analytics,database,metabase +version: v0.0.1 diff --git a/helm/metabase/Makefile b/helm/metabase/Makefile new file mode 100644 index 00000000..1e0f148f --- /dev/null +++ b/helm/metabase/Makefile @@ -0,0 +1,26 @@ +SHELL := /usr/bin/env bash + +# TODO Create a random password for metabase to access the metabase database +.PHONY: create-random-db-secret +create-random-db-secret: + kubectl create secret generic metabase-db-secret -n eb75ad-tools \ + --from-literal=metabase-postgres-user=metabase \ + --from-literal=metabase-postgres-password=$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32') + + + +# This installs metabase in the gold production tools namespace +.PHONY: install +install: + helm install metabase . -n eb75ad-tools \ + -f values.yaml \ + -f "values-eb75ad-tools.yaml" \ + --set postgresql_password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" + +# Upgrade will not regenerate the secrets +.PHONY: upgrade +upgrade: + helm upgrade --install metabase . \ + -n eb75ad-tools \ + -f values.yaml \ + -f "values-eb75ad-tools.yaml" diff --git a/helm/metabase/README.md b/helm/metabase/README.md new file mode 100644 index 00000000..243b4a99 --- /dev/null +++ b/helm/metabase/README.md @@ -0,0 +1,76 @@ +TO DO + +Figute out how metabase is configured in silver +Q: what namespace is it in? +A:tools + +Q: how does metabase connect to the + +Q: There are some TODO comments in the values file... how do I reference them? + +helm install "${NAME}" . -n "${NAMESPACE}" -f values.yaml -f "values-${NAMESPACE}-${NAME}.yaml" +Add a make file to build the metabase instance + +helm install metabase . -n c6af30-tools -f values.yaml -f "values-c6af30-tools.yaml" +helm uninstall metabase . -n c6af30-tools -f values.yaml -f "values-c6af30-tools.yaml" +A gold route: +https://sso-keycloak-eb75ad-dev.apps.gold.devops.gov.bc.ca/ + +cannot trigger a deployment for "metabase" because it contains unresolved images +--changed the image to match server + +New error on creating pods!! +(combined from similar events): +Error creating: +pods "metabase-1-nhhqp" is forbidden: +exceeded quota: compute-long-running-quota, +requested: limits.memory=4Gi,requests.cpu=500m, requests.memory=2Gi, used: limits.memory=1Gi,requests.cpu=50m,requests.memory=256Mi, limited: limits.memory=4Gi,requests.cpu=500m,requests.memory=2Gi + +Connection error to the db. +Create a network policy that allows communication between pods! + +Next problem: Route not working? + +Name: metabase +Namespace: c6af30-tools +Created: 21 hours ago +Labels: app=metabase + app.kubernetes.io/managed-by=Helm + service=metabase + template=metabase-postgresql-template +Annotations: meta.helm.sh/release-name=metabase + meta.helm.sh/release-namespace=c6af30-tools + openshift.io/host.generated=true +Requested Host: metabase-c6af30-tools.apps.gold.devops.gov.bc.ca + exposed on router default (host router-default.apps.gold.devops.gov.bc.ca) 21 hours ago +Path: +TLS Termination: edge +Insecure Policy: Redirect +Endpoint Port: + +Service: metabase +Weight: 100 (100%) +Endpoints: 10.97.20.140:3000 + +Name: metabase +Namespace: 6d70e7-tools +Created: 7 months ago +Labels: app=metabase + service=metabase + template=metabase-postgresql-template +Annotations: openshift.io/host.generated=true +Requested Host: metabase-6d70e7-tools.apps.silver.devops.gov.bc.ca + exposed on router default (host router-default.apps.silver.devops.gov.bc.ca) 2 months ago +Path: +TLS Termination: edge +Insecure Policy: Redirect +Endpoint Port: + +Service: metabase +Weight: 100 (100%) +Endpoints: 10.97.50.98:3000 + + + +- add the two network policies to the helm charts +- get the passwords loading properly done diff --git a/helm/metabase/templates/deploymentconfig.yaml b/helm/metabase/templates/deploymentconfig.yaml new file mode 100644 index 00000000..0e684f9f --- /dev/null +++ b/helm/metabase/templates/deploymentconfig.yaml @@ -0,0 +1,186 @@ +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + labels: + app: metabase + service: {{ .Values.metabase_service_name }} + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }}-postgresql +spec: + replicas: 1 + selector: + name: {{ .Values.metabase_service_name }}-postgresql + strategy: + type: Recreate + template: + metadata: + labels: + app: metabase + name: {{ .Values.metabase_service_name }}-postgresql + spec: + containers: + - env: + - name: POSTGRESQL_DATABASE + valueFrom: + secretKeyRef: + key: database + name: {{ .Values.metabase_service_name }}-postgresql-credentials + - name: POSTGRESQL_USER + valueFrom: + secretKeyRef: + key: username + name: {{ .Values.metabase_service_name }}-postgresql-credentials + - name: POSTGRESQL_PASSWORD + valueFrom: + secretKeyRef: + key: password + name: {{ .Values.metabase_service_name }}-postgresql-credentials + image: ' ' + imagePullPolicy: IfNotPresent + livenessProbe: + exec: + command: + - /bin/sh + - -i + - -c + - pg_isready -h 127.0.0.1 -p 5432 + initialDelaySeconds: 30 + timeoutSeconds: 1 + name: {{ .Values.metabase_service_name }}-postgresql + ports: + - containerPort: 5432 + protocol: TCP + readinessProbe: + exec: + command: + - /bin/sh + - -i + - -c + - psql -h 127.0.0.1 -U $POSTGRESQL_USER -q -d $POSTGRESQL_DATABASE -c + 'SELECT 1' + initialDelaySeconds: 5 + timeoutSeconds: 1 + terminationMessagePath: /dev/termination-log + volumeMounts: + - mountPath: /var/lib/pgsql/data + name: {{ .Values.metabase_service_name }}-postgresql-data + dnsPolicy: ClusterFirst + restartPolicy: Always + volumes: + - name: {{ .Values.metabase_service_name }}-postgresql-data + persistentVolumeClaim: + claimName: {{ .Values.metabase_service_name }}-postgresql + triggers: + - type: ConfigChange + - imageChangeParams: + automatic: true + containerNames: + - {{ .Values.metabase_service_name }}-postgresql + from: + kind: ImageStreamTag + name: postgresql:{{ .Values.postgresql_version }} + namespace: {{ .Values.postgresql_image_namespace }} + lastTriggeredImage: "" + type: ImageChange +--- +apiVersion: apps.openshift.io/v1 +kind: DeploymentConfig +metadata: + labels: + app: metabase + service: {{ .Values.metabase_service_name }} + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }} +spec: + replicas: 1 + selector: + app: metabase + deploymentconfig: {{ .Values.metabase_service_name }} + strategy: + type: Recreate + template: + metadata: + labels: + app: metabase + deploymentconfig: {{ .Values.metabase_service_name }} + service: {{ .Values.metabase_service_name }} + template: metabase + spec: + containers: + - args: + - -Xmx4096m + - -Xss512k + - -Dfile.encoding=UTF-8 + - -Dlogfile.path=target/log + - -XX:+CMSClassUnloadingEnabled + - -XX:+UseConcMarkSweepGC + - -server + - -jar + - /app/metabase.jar + command: + - java + env: + - name: MB_DB_TYPE + value: postgres + - name: MB_DB_HOST + value: {{ .Values.metabase_service_name }}-postgresql + - name: MB_DB_PORT + value: "5432" + - name: MB_DB_DBNAME + value: {{ .Values.postgresql_database }} + - name: MB_DB_USER + valueFrom: + secretKeyRef: + key: username + name: {{ .Values.metabase_service_name }}-postgresql-credentials + - name: MB_DB_PASS + valueFrom: + secretKeyRef: + key: password + name: {{ .Values.metabase_service_name }}-postgresql-credentials + image: {{ .Values.metabase_image }} + imagePullPolicy: Always + livenessProbe: + failureThreshold: 30 + httpGet: + path: / + port: 3000 + initialDelaySeconds: 240 + timeoutSeconds: 3 + name: {{ .Values.metabase_service_name }} + ports: + - containerPort: 3000 + name: {{ .Values.metabase_service_name }} + protocol: TCP + readinessProbe: + httpGet: + path: / + port: 3000 + initialDelaySeconds: 3 + timeoutSeconds: 3 + resources: + limits: + cpu: 500m + memory: 3Gi + requests: + cpu: 250m + memory: 1Gi + terminationMessagePath: /dev/termination-log + dnsPolicy: ClusterFirst + imagePullSecrets: + - name: artifactory-creds + restartPolicy: Always + serviceAccount: {{ .Values.metabase_service_name }} + serviceAccountName: {{ .Values.metabase_service_name }} + terminationGracePeriodSeconds: 30 + triggers: + - type: ConfigChange + - imageChangeParams: + automatic: true + containerNames: + - {{ .Values.metabase_service_name }} + from: + kind: ImageStreamTag + name: {{ .Values.metabase_service_name }}:latest + lastTriggeredImage: "" + type: ImageChange diff --git a/helm/metabase/templates/imagestream.yaml b/helm/metabase/templates/imagestream.yaml new file mode 100644 index 00000000..8fb093b0 --- /dev/null +++ b/helm/metabase/templates/imagestream.yaml @@ -0,0 +1,16 @@ +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + labels: + app: metabase + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }} +spec: + tags: + - from: + kind: DockerImage + name: {{ .Values.metabase_image }} + generation: 2 + name: latest + referencePolicy: + type: Source diff --git a/helm/metabase/templates/intra-project-comms.yaml b/helm/metabase/templates/intra-project-comms.yaml new file mode 100644 index 00000000..ec27efdb --- /dev/null +++ b/helm/metabase/templates/intra-project-comms.yaml @@ -0,0 +1,27 @@ +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-same-namespace + namespace: {{ .Values.namespace }} +spec: + podSelector: {} + ingress: + - from: + - podSelector: {} + policyTypes: + - Ingress +--- +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-from-openshift-ingress + namespace: {{ .Values.namespace }} +spec: + podSelector: {} + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + policyTypes: + - Ingress diff --git a/helm/metabase/templates/persistentvolumeclaim.yaml b/helm/metabase/templates/persistentvolumeclaim.yaml new file mode 100644 index 00000000..5642392b --- /dev/null +++ b/helm/metabase/templates/persistentvolumeclaim.yaml @@ -0,0 +1,14 @@ +apiVersion: v1 +kind: PersistentVolumeClaim +metadata: + labels: + app: metabase + service: {{ .Values.metabase_service_name }} + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }}-postgresql +spec: + accessModes: + - ReadWriteOnce + resources: + requests: + storage: {{ .Values.postgresql_volume_capacity }} diff --git a/helm/metabase/templates/route.yaml b/helm/metabase/templates/route.yaml new file mode 100644 index 00000000..8c7cf5b0 --- /dev/null +++ b/helm/metabase/templates/route.yaml @@ -0,0 +1,15 @@ +apiVersion: route.openshift.io/v1 +kind: Route +metadata: + labels: + app: metabase + service: {{ .Values.metabase_service_name }} + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }} +spec: + tls: + insecureEdgeTerminationPolicy: Redirect + termination: edge + to: + kind: Service + name: {{ .Values.metabase_service_name }} diff --git a/helm/metabase/templates/secret.yaml b/helm/metabase/templates/secret.yaml new file mode 100644 index 00000000..39988f0e --- /dev/null +++ b/helm/metabase/templates/secret.yaml @@ -0,0 +1,13 @@ +apiVersion: v1 +kind: Secret +metadata: + labels: + app: metabase + service: {{ .Values.metabase_service_name }} + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }}-postgresql-credentials +stringData: + database: {{ .Values.postgresql_database }} + password: {{ .Values.postgresql_password }} + username: {{ .Values.postgresql_user }} +type: Opaque diff --git a/helm/metabase/templates/service.yaml b/helm/metabase/templates/service.yaml new file mode 100644 index 00000000..e39960dd --- /dev/null +++ b/helm/metabase/templates/service.yaml @@ -0,0 +1,41 @@ +apiVersion: v1 +kind: Service +metadata: + annotations: + template.openshift.io/expose-uri: http://{.spec.clusterIP}:{.spec.ports[?(.name=="{{ .Values.metabase_service_name }}")].port} + labels: + app: metabase + service: {{ .Values.metabase_service_name }} + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }} +spec: + ports: + - name: {{ .Values.metabase_service_name }} + port: 3000 + protocol: TCP + targetPort: 3000 + selector: + app: metabase + deploymentconfig: {{ .Values.metabase_service_name }} + sessionAffinity: None + type: ClusterIP +--- +apiVersion: v1 +kind: Service +metadata: + annotations: + template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="{{ .Values.metabase_service_name }}-postgresql")].port} + labels: + app: metabase + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }}-postgresql +spec: + ports: + - name: {{ .Values.metabase_service_name }}-postgresql + port: 5432 + protocol: TCP + targetPort: 5432 + selector: + name: {{ .Values.metabase_service_name }}-postgresql + sessionAffinity: None + type: ClusterIP diff --git a/helm/metabase/templates/serviceaccount.yaml b/helm/metabase/templates/serviceaccount.yaml new file mode 100644 index 00000000..979397f7 --- /dev/null +++ b/helm/metabase/templates/serviceaccount.yaml @@ -0,0 +1,8 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: + app: metabase + service: {{ .Values.metabase_service_name }} + template: metabase-postgresql-template + name: {{ .Values.metabase_service_name }} diff --git a/helm/metabase/values-c6af30-tools.yaml b/helm/metabase/values-c6af30-tools.yaml new file mode 100644 index 00000000..af5f6627 --- /dev/null +++ b/helm/metabase/values-c6af30-tools.yaml @@ -0,0 +1,2 @@ +# postgresql_password: #Set in the Makefile +metabase_image: gcr.io/ggl-cas-storage/metabase:latest diff --git a/helm/metabase/values-eb75ad-tools.yaml b/helm/metabase/values-eb75ad-tools.yaml new file mode 100644 index 00000000..ca30f372 --- /dev/null +++ b/helm/metabase/values-eb75ad-tools.yaml @@ -0,0 +1,3 @@ +postgresql_password: #Add password! +metabase_image: gcr.io/ggl-cas-storage/metabase:latest +namespace: eb75ad-tools diff --git a/helm/metabase/values.yaml b/helm/metabase/values.yaml new file mode 100644 index 00000000..67fd69e0 --- /dev/null +++ b/helm/metabase/values.yaml @@ -0,0 +1,12 @@ +metabase_image: docker-remote.artifacts.developer.gov.bc.ca/metabase/metabase:latest +# metabase_route_host: '# TODO: must define a default value for .metabase_route_host' +metabase_service_name: metabase +postgresql_database: metabase +postgresql_image_namespace: openshift +postgresql_password: '# TODO: must define a default value for .postgresql_password' +postgresql_user: metabase +postgresql_version: "9.6" +postgresql_volume_capacity: 1Gi +namespace: "" +networkPolicies: + enabled: true From ffbbcfd93f46632ac8e4976915519a02ea8c3690 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 19 Apr 2022 14:19:24 -0700 Subject: [PATCH 02/18] feat: metabase upgrade working after bringing the template files into a created project --- helm/metabase/.helmignore | 23 +++++ helm/metabase/Chart.yaml | 27 +++++- helm/metabase/Makefile | 3 +- helm/metabase/README.md | 76 ----------------- helm/metabase/templates/NOTES.txt | 22 +++++ helm/metabase/templates/_helpers.tpl | 62 ++++++++++++++ .../templates/tests/test-connection.yaml | 15 ++++ helm/metabase/values-c6af30-tools.yaml | 2 - helm/metabase/values-eb75ad-tools.yaml | 1 - helm/metabase/values.yaml | 84 ++++++++++++++++++- 10 files changed, 229 insertions(+), 86 deletions(-) create mode 100644 helm/metabase/.helmignore delete mode 100644 helm/metabase/README.md create mode 100644 helm/metabase/templates/NOTES.txt create mode 100644 helm/metabase/templates/_helpers.tpl create mode 100644 helm/metabase/templates/tests/test-connection.yaml delete mode 100644 helm/metabase/values-c6af30-tools.yaml diff --git a/helm/metabase/.helmignore b/helm/metabase/.helmignore new file mode 100644 index 00000000..0e8a0eb3 --- /dev/null +++ b/helm/metabase/.helmignore @@ -0,0 +1,23 @@ +# Patterns to ignore when building packages. +# This supports shell glob matching, relative path matching, and +# negation (prefixed with !). Only one pattern per line. +.DS_Store +# Common VCS dirs +.git/ +.gitignore +.bzr/ +.bzrignore +.hg/ +.hgignore +.svn/ +# Common backup files +*.swp +*.bak +*.tmp +*.orig +*~ +# Various IDEs +.project +.idea/ +*.tmproj +.vscode/ diff --git a/helm/metabase/Chart.yaml b/helm/metabase/Chart.yaml index 696e7bac..cd4d7afd 100644 --- a/helm/metabase/Chart.yaml +++ b/helm/metabase/Chart.yaml @@ -1,5 +1,24 @@ -description: | - This is a PostgreSQL backed Metabase (http://www.metabase.com/) deployment. Metabase is the easy, open source way for everyone in your company to ask questions and learn from data. +apiVersion: v2 name: metabase -tags: analytics,database,metabase -version: v0.0.1 +description: A Helm chart for Kubernetes + +# A chart can be either an 'application' or a 'library' chart. +# +# Application charts are a collection of templates that can be packaged into versioned archives +# to be deployed. +# +# Library charts provide useful utilities or functions for the chart developer. They're included as +# a dependency of application charts to inject those utilities and functions into the rendering +# pipeline. Library charts do not define any templates and therefore cannot be deployed. +type: application + +# This is the chart version. This version number should be incremented each time you make changes +# to the chart and its templates, including the app version. +# Versions are expected to follow Semantic Versioning (https://semver.org/) +version: 0.1.0 + +# This is the version number of the application being deployed. This version number should be +# incremented each time you make changes to the application. Versions are not expected to +# follow Semantic Versioning. They should reflect the version the application is using. +# It is recommended to use it with quotes. +appVersion: "1.16.0" diff --git a/helm/metabase/Makefile b/helm/metabase/Makefile index 1e0f148f..bbb84eff 100644 --- a/helm/metabase/Makefile +++ b/helm/metabase/Makefile @@ -23,4 +23,5 @@ upgrade: helm upgrade --install metabase . \ -n eb75ad-tools \ -f values.yaml \ - -f "values-eb75ad-tools.yaml" + -f "values-eb75ad-tools.yaml" \ + --set postgresql_password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" diff --git a/helm/metabase/README.md b/helm/metabase/README.md deleted file mode 100644 index 243b4a99..00000000 --- a/helm/metabase/README.md +++ /dev/null @@ -1,76 +0,0 @@ -TO DO - -Figute out how metabase is configured in silver -Q: what namespace is it in? -A:tools - -Q: how does metabase connect to the - -Q: There are some TODO comments in the values file... how do I reference them? - -helm install "${NAME}" . -n "${NAMESPACE}" -f values.yaml -f "values-${NAMESPACE}-${NAME}.yaml" -Add a make file to build the metabase instance - -helm install metabase . -n c6af30-tools -f values.yaml -f "values-c6af30-tools.yaml" -helm uninstall metabase . -n c6af30-tools -f values.yaml -f "values-c6af30-tools.yaml" -A gold route: -https://sso-keycloak-eb75ad-dev.apps.gold.devops.gov.bc.ca/ - -cannot trigger a deployment for "metabase" because it contains unresolved images ---changed the image to match server - -New error on creating pods!! -(combined from similar events): -Error creating: -pods "metabase-1-nhhqp" is forbidden: -exceeded quota: compute-long-running-quota, -requested: limits.memory=4Gi,requests.cpu=500m, requests.memory=2Gi, used: limits.memory=1Gi,requests.cpu=50m,requests.memory=256Mi, limited: limits.memory=4Gi,requests.cpu=500m,requests.memory=2Gi - -Connection error to the db. -Create a network policy that allows communication between pods! - -Next problem: Route not working? - -Name: metabase -Namespace: c6af30-tools -Created: 21 hours ago -Labels: app=metabase - app.kubernetes.io/managed-by=Helm - service=metabase - template=metabase-postgresql-template -Annotations: meta.helm.sh/release-name=metabase - meta.helm.sh/release-namespace=c6af30-tools - openshift.io/host.generated=true -Requested Host: metabase-c6af30-tools.apps.gold.devops.gov.bc.ca - exposed on router default (host router-default.apps.gold.devops.gov.bc.ca) 21 hours ago -Path: -TLS Termination: edge -Insecure Policy: Redirect -Endpoint Port: - -Service: metabase -Weight: 100 (100%) -Endpoints: 10.97.20.140:3000 - -Name: metabase -Namespace: 6d70e7-tools -Created: 7 months ago -Labels: app=metabase - service=metabase - template=metabase-postgresql-template -Annotations: openshift.io/host.generated=true -Requested Host: metabase-6d70e7-tools.apps.silver.devops.gov.bc.ca - exposed on router default (host router-default.apps.silver.devops.gov.bc.ca) 2 months ago -Path: -TLS Termination: edge -Insecure Policy: Redirect -Endpoint Port: - -Service: metabase -Weight: 100 (100%) -Endpoints: 10.97.50.98:3000 - - - -- add the two network policies to the helm charts -- get the passwords loading properly done diff --git a/helm/metabase/templates/NOTES.txt b/helm/metabase/templates/NOTES.txt new file mode 100644 index 00000000..da0b4c41 --- /dev/null +++ b/helm/metabase/templates/NOTES.txt @@ -0,0 +1,22 @@ +1. Get the application URL by running these commands: +{{- if .Values.ingress.enabled }} +{{- range $host := .Values.ingress.hosts }} + {{- range .paths }} + http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} + {{- end }} +{{- end }} +{{- else if contains "NodePort" .Values.service.type }} + export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "metabase.fullname" . }}) + export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") + echo http://$NODE_IP:$NODE_PORT +{{- else if contains "LoadBalancer" .Values.service.type }} + NOTE: It may take a few minutes for the LoadBalancer IP to be available. + You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "metabase.fullname" . }}' + export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "metabase.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") + echo http://$SERVICE_IP:{{ .Values.service.port }} +{{- else if contains "ClusterIP" .Values.service.type }} + export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "metabase.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") + export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") + echo "Visit http://127.0.0.1:8080 to use your application" + kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT +{{- end }} diff --git a/helm/metabase/templates/_helpers.tpl b/helm/metabase/templates/_helpers.tpl new file mode 100644 index 00000000..2c839d47 --- /dev/null +++ b/helm/metabase/templates/_helpers.tpl @@ -0,0 +1,62 @@ +{{/* +Expand the name of the chart. +*/}} +{{- define "metabase.name" -}} +{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Create a default fully qualified app name. +We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). +If release name contains chart name it will be used as a full name. +*/}} +{{- define "metabase.fullname" -}} +{{- if .Values.fullnameOverride }} +{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- $name := default .Chart.Name .Values.nameOverride }} +{{- if contains $name .Release.Name }} +{{- .Release.Name | trunc 63 | trimSuffix "-" }} +{{- else }} +{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }} +{{- end }} +{{- end }} +{{- end }} + +{{/* +Create chart name and version as used by the chart label. +*/}} +{{- define "metabase.chart" -}} +{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }} +{{- end }} + +{{/* +Common labels +*/}} +{{- define "metabase.labels" -}} +helm.sh/chart: {{ include "metabase.chart" . }} +{{ include "metabase.selectorLabels" . }} +{{- if .Chart.AppVersion }} +app.kubernetes.io/version: {{ .Chart.AppVersion | quote }} +{{- end }} +app.kubernetes.io/managed-by: {{ .Release.Service }} +{{- end }} + +{{/* +Selector labels +*/}} +{{- define "metabase.selectorLabels" -}} +app.kubernetes.io/name: {{ include "metabase.name" . }} +app.kubernetes.io/instance: {{ .Release.Name }} +{{- end }} + +{{/* +Create the name of the service account to use +*/}} +{{- define "metabase.serviceAccountName" -}} +{{- if .Values.serviceAccount.create }} +{{- default (include "metabase.fullname" .) .Values.serviceAccount.name }} +{{- else }} +{{- default "default" .Values.serviceAccount.name }} +{{- end }} +{{- end }} diff --git a/helm/metabase/templates/tests/test-connection.yaml b/helm/metabase/templates/tests/test-connection.yaml new file mode 100644 index 00000000..fef6447b --- /dev/null +++ b/helm/metabase/templates/tests/test-connection.yaml @@ -0,0 +1,15 @@ +apiVersion: v1 +kind: Pod +metadata: + name: "{{ include "metabase.fullname" . }}-test-connection" + labels: + {{- include "metabase.labels" . | nindent 4 }} + annotations: + "helm.sh/hook": test +spec: + containers: + - name: wget + image: busybox + command: ['wget'] + args: ['{{ include "metabase.fullname" . }}:{{ .Values.service.port }}'] + restartPolicy: Never diff --git a/helm/metabase/values-c6af30-tools.yaml b/helm/metabase/values-c6af30-tools.yaml deleted file mode 100644 index af5f6627..00000000 --- a/helm/metabase/values-c6af30-tools.yaml +++ /dev/null @@ -1,2 +0,0 @@ -# postgresql_password: #Set in the Makefile -metabase_image: gcr.io/ggl-cas-storage/metabase:latest diff --git a/helm/metabase/values-eb75ad-tools.yaml b/helm/metabase/values-eb75ad-tools.yaml index ca30f372..e4b27718 100644 --- a/helm/metabase/values-eb75ad-tools.yaml +++ b/helm/metabase/values-eb75ad-tools.yaml @@ -1,3 +1,2 @@ -postgresql_password: #Add password! metabase_image: gcr.io/ggl-cas-storage/metabase:latest namespace: eb75ad-tools diff --git a/helm/metabase/values.yaml b/helm/metabase/values.yaml index 67fd69e0..4de338d6 100644 --- a/helm/metabase/values.yaml +++ b/helm/metabase/values.yaml @@ -1,3 +1,85 @@ +# Default values for metabase. +# This is a YAML-formatted file. +# Declare variables to be passed into your templates. + +replicaCount: 1 + +image: + repository: nginx + pullPolicy: IfNotPresent + # Overrides the image tag whose default is the chart appVersion. + tag: "" + +imagePullSecrets: [] +nameOverride: "" +fullnameOverride: "" + +serviceAccount: + # Specifies whether a service account should be created + create: true + # Annotations to add to the service account + annotations: {} + # The name of the service account to use. + # If not set and create is true, a name is generated using the fullname template + name: "" + +podAnnotations: {} + +podSecurityContext: {} + # fsGroup: 2000 + +securityContext: {} + # capabilities: + # drop: + # - ALL + # readOnlyRootFilesystem: true + # runAsNonRoot: true + # runAsUser: 1000 + +service: + type: ClusterIP + port: 80 + +ingress: + enabled: false + className: "" + annotations: {} + # kubernetes.io/ingress.class: nginx + # kubernetes.io/tls-acme: "true" + hosts: + - host: chart-example.local + paths: + - path: / + pathType: ImplementationSpecific + tls: [] + # - secretName: chart-example-tls + # hosts: + # - chart-example.local + +resources: {} + # We usually recommend not to specify default resources and to leave this as a conscious + # choice for the user. This also increases chances charts run on environments with little + # resources, such as Minikube. If you do want to specify resources, uncomment the following + # lines, adjust them as necessary, and remove the curly braces after 'resources:'. + # limits: + # cpu: 100m + # memory: 128Mi + # requests: + # cpu: 100m + # memory: 128Mi + +autoscaling: + enabled: false + minReplicas: 1 + maxReplicas: 100 + targetCPUUtilizationPercentage: 80 + # targetMemoryUtilizationPercentage: 80 + +nodeSelector: {} + +tolerations: [] + +affinity: {} metabase_image: docker-remote.artifacts.developer.gov.bc.ca/metabase/metabase:latest # metabase_route_host: '# TODO: must define a default value for .metabase_route_host' metabase_service_name: metabase @@ -8,5 +90,3 @@ postgresql_user: metabase postgresql_version: "9.6" postgresql_volume_capacity: 1Gi namespace: "" -networkPolicies: - enabled: true From 2a32734f02dacb3a5176108972b4e5252cd86d2c Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 19 Apr 2022 18:32:46 -0700 Subject: [PATCH 03/18] feat: metabase Working state starting cleaning up the code --- helm/metabase/Makefile | 10 +-------- helm/metabase/README.md | 47 +++++++++++++++++++++++++++++++++++++++ helm/metabase/values.yaml | 6 ++--- 3 files changed, 51 insertions(+), 12 deletions(-) create mode 100644 helm/metabase/README.md diff --git a/helm/metabase/Makefile b/helm/metabase/Makefile index bbb84eff..6e872ee7 100644 --- a/helm/metabase/Makefile +++ b/helm/metabase/Makefile @@ -1,13 +1,5 @@ SHELL := /usr/bin/env bash -# TODO Create a random password for metabase to access the metabase database -.PHONY: create-random-db-secret -create-random-db-secret: - kubectl create secret generic metabase-db-secret -n eb75ad-tools \ - --from-literal=metabase-postgres-user=metabase \ - --from-literal=metabase-postgres-password=$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32') - - # This installs metabase in the gold production tools namespace .PHONY: install @@ -17,7 +9,7 @@ install: -f "values-eb75ad-tools.yaml" \ --set postgresql_password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" -# Upgrade will not regenerate the secrets +# Upgrade will change an existing metabase deployment. The secret gets regenerated each time this is run .PHONY: upgrade upgrade: helm upgrade --install metabase . \ diff --git a/helm/metabase/README.md b/helm/metabase/README.md new file mode 100644 index 00000000..1f092458 --- /dev/null +++ b/helm/metabase/README.md @@ -0,0 +1,47 @@ +# Metabase config docs + +## Installing metabase + +The two helm commands are run through the make file in this folder, `make install` and `make upgrade`. This will install and upgrade metabase in the Gold Production Tools namespace. If we need to install it somewhere else the script will need to be generalized. Note this helm chart has not been used to deploy the Silver cluster metabase instance. + +## Adding a databse to metabase: + +The Gold Metabase deployment can query any db in the gold cluster if the credentials are set up properly. In future it may extend to silver as well. The gold configuration requires two steps: + +### Set Network policies + +Metabase needs to access other namespaces. To allow access we must create a network policy in the namespace holding the target database. For the sso-patroni databases, this network policy is: + +``` +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: sso-dev-production-gold-metabase-access + namespace: eb75ad-dev +spec: + podSelector: + matchLabels: + app: sso-patroni + ingress: + - from: + - namespaceSelector: + matchLabels: + environment: tools + name: eb75ad + - podSelector: + matchLabels: + app: metabase + policyTypes: + - Ingress +``` + +### Connect to the database + +Metabase has a built in workflow for adding new databases. These will require the credentials for the target database. +The one complicated part of adding a db to the metabase account is the host. This follows the patern: + +``` +..svc.cluster.local +``` + +It is important to connect to the read only service if one is available. If the connection attempt times out, it is possible the network policy you created is not set up properly. diff --git a/helm/metabase/values.yaml b/helm/metabase/values.yaml index 4de338d6..cec10129 100644 --- a/helm/metabase/values.yaml +++ b/helm/metabase/values.yaml @@ -79,13 +79,13 @@ nodeSelector: {} tolerations: [] -affinity: {} +## These are the values that were needed by the Metabase helm templates generated by template2helm +## Note The ones above are created by the `healm create metabase`. metabase_image: docker-remote.artifacts.developer.gov.bc.ca/metabase/metabase:latest -# metabase_route_host: '# TODO: must define a default value for .metabase_route_host' metabase_service_name: metabase postgresql_database: metabase postgresql_image_namespace: openshift -postgresql_password: '# TODO: must define a default value for .postgresql_password' +postgresql_password: '' # Generated in the make file postgresql_user: metabase postgresql_version: "9.6" postgresql_volume_capacity: 1Gi From b9ced2d3c832dd818244a30ce7ee66391458bc89 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 19 Apr 2022 18:45:10 -0700 Subject: [PATCH 04/18] feat: metabase Remove unused fields --- helm/metabase/values.yaml | 49 ++------------------------------------- 1 file changed, 2 insertions(+), 47 deletions(-) diff --git a/helm/metabase/values.yaml b/helm/metabase/values.yaml index cec10129..58c44eb1 100644 --- a/helm/metabase/values.yaml +++ b/helm/metabase/values.yaml @@ -1,16 +1,6 @@ -# Default values for metabase. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. +##The first part of the file was autogenerated by `helm create metabase` +## The fields at the bottom were created from the metabase deployment config -replicaCount: 1 - -image: - repository: nginx - pullPolicy: IfNotPresent - # Overrides the image tag whose default is the chart appVersion. - tag: "" - -imagePullSecrets: [] nameOverride: "" fullnameOverride: "" @@ -23,19 +13,6 @@ serviceAccount: # If not set and create is true, a name is generated using the fullname template name: "" -podAnnotations: {} - -podSecurityContext: {} - # fsGroup: 2000 - -securityContext: {} - # capabilities: - # drop: - # - ALL - # readOnlyRootFilesystem: true - # runAsNonRoot: true - # runAsUser: 1000 - service: type: ClusterIP port: 80 @@ -56,28 +33,6 @@ ingress: # hosts: # - chart-example.local -resources: {} - # We usually recommend not to specify default resources and to leave this as a conscious - # choice for the user. This also increases chances charts run on environments with little - # resources, such as Minikube. If you do want to specify resources, uncomment the following - # lines, adjust them as necessary, and remove the curly braces after 'resources:'. - # limits: - # cpu: 100m - # memory: 128Mi - # requests: - # cpu: 100m - # memory: 128Mi - -autoscaling: - enabled: false - minReplicas: 1 - maxReplicas: 100 - targetCPUUtilizationPercentage: 80 - # targetMemoryUtilizationPercentage: 80 - -nodeSelector: {} - -tolerations: [] ## These are the values that were needed by the Metabase helm templates generated by template2helm ## Note The ones above are created by the `healm create metabase`. From e2760dc62fc01a0cc556459afdea74e2c0971b35 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Tue, 19 Apr 2022 21:23:41 -0700 Subject: [PATCH 05/18] feat: metabase fix pre comit hook in github action --- .github/workflows/pre-commit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index 5e29aefd..a05d42a2 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -4,7 +4,7 @@ on: push jobs: pre-commit: - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 - name: Install asdf @@ -27,7 +27,7 @@ jobs: asdf reshim pre-commit run --color=always --show-diff-on-failure --all-files commitlint: - runs-on: ubuntu-18.04 + runs-on: ubuntu-20.04 steps: - uses: actions/checkout@v2 with: From 70622074e8333242c069e2b306d08770a43a772a Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 09:08:48 -0700 Subject: [PATCH 06/18] feat: metabase reduce memory limit to 2Gi --- helm/metabase/templates/deploymentconfig.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/metabase/templates/deploymentconfig.yaml b/helm/metabase/templates/deploymentconfig.yaml index 0e684f9f..ff20691c 100644 --- a/helm/metabase/templates/deploymentconfig.yaml +++ b/helm/metabase/templates/deploymentconfig.yaml @@ -161,7 +161,7 @@ spec: resources: limits: cpu: 500m - memory: 3Gi + memory: 2Gi requests: cpu: 250m memory: 1Gi From 7d637392a7d62dc9f892937ce11ab095dbd13bf4 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 10:49:10 -0700 Subject: [PATCH 07/18] feat: metabase remove the network policy from helm charst add it to the readme --- helm/metabase/README.md | 38 +++++++++++++++++++ .../templates/intra-project-comms.yaml | 27 ------------- 2 files changed, 38 insertions(+), 27 deletions(-) delete mode 100644 helm/metabase/templates/intra-project-comms.yaml diff --git a/helm/metabase/README.md b/helm/metabase/README.md index 1f092458..5446a416 100644 --- a/helm/metabase/README.md +++ b/helm/metabase/README.md @@ -2,6 +2,44 @@ ## Installing metabase +### Confirm network policies + +In order for metabase to deploy successfully, pods within the namespace must have access to each other. Ensure the the following two network policies are in place: + +``` +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-same-namespace + namespace: +spec: + podSelector: {} + ingress: + - from: + - podSelector: {} + policyTypes: + - Ingress +--- +kind: NetworkPolicy +apiVersion: networking.k8s.io/v1 +metadata: + name: allow-from-openshift-ingress + namespace: +spec: + podSelector: {} + ingress: + - from: + - namespaceSelector: + matchLabels: + network.openshift.io/policy-group: ingress + policyTypes: + - Ingress +``` + +These network policies are fairly generic and may or may not already be configured in the namespace where Metabase is being deployed. + +### Install the helm charts + The two helm commands are run through the make file in this folder, `make install` and `make upgrade`. This will install and upgrade metabase in the Gold Production Tools namespace. If we need to install it somewhere else the script will need to be generalized. Note this helm chart has not been used to deploy the Silver cluster metabase instance. ## Adding a databse to metabase: diff --git a/helm/metabase/templates/intra-project-comms.yaml b/helm/metabase/templates/intra-project-comms.yaml deleted file mode 100644 index ec27efdb..00000000 --- a/helm/metabase/templates/intra-project-comms.yaml +++ /dev/null @@ -1,27 +0,0 @@ -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: allow-same-namespace - namespace: {{ .Values.namespace }} -spec: - podSelector: {} - ingress: - - from: - - podSelector: {} - policyTypes: - - Ingress ---- -kind: NetworkPolicy -apiVersion: networking.k8s.io/v1 -metadata: - name: allow-from-openshift-ingress - namespace: {{ .Values.namespace }} -spec: - podSelector: {} - ingress: - - from: - - namespaceSelector: - matchLabels: - network.openshift.io/policy-group: ingress - policyTypes: - - Ingress From 735140072b709f8c772ea2636352aa7ea4e45061 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 11:15:21 -0700 Subject: [PATCH 08/18] feat: metabase make the makefile more general --- helm/metabase/Makefile | 10 +++++----- helm/metabase/README.md | 15 +++++++++++++-- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/helm/metabase/Makefile b/helm/metabase/Makefile index 6e872ee7..3b522429 100644 --- a/helm/metabase/Makefile +++ b/helm/metabase/Makefile @@ -1,19 +1,19 @@ SHELL := /usr/bin/env bash - +NAMESPACE="" # This installs metabase in the gold production tools namespace .PHONY: install install: - helm install metabase . -n eb75ad-tools \ + helm install metabase . -n ${NAMESPACE} \ -f values.yaml \ - -f "values-eb75ad-tools.yaml" \ + -f "values-${NAMESPACE}.yaml" \ --set postgresql_password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" # Upgrade will change an existing metabase deployment. The secret gets regenerated each time this is run .PHONY: upgrade upgrade: helm upgrade --install metabase . \ - -n eb75ad-tools \ + -n ${NAMESPACE} \ -f values.yaml \ - -f "values-eb75ad-tools.yaml" \ + -f "values-${NAMESPACE}.yaml" \ --set postgresql_password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" diff --git a/helm/metabase/README.md b/helm/metabase/README.md index 5446a416..a55d1d4c 100644 --- a/helm/metabase/README.md +++ b/helm/metabase/README.md @@ -19,7 +19,10 @@ spec: - podSelector: {} policyTypes: - Ingress ---- +``` +and + +``` kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: @@ -40,7 +43,15 @@ These network policies are fairly generic and may or may not already be configur ### Install the helm charts -The two helm commands are run through the make file in this folder, `make install` and `make upgrade`. This will install and upgrade metabase in the Gold Production Tools namespace. If we need to install it somewhere else the script will need to be generalized. Note this helm chart has not been used to deploy the Silver cluster metabase instance. +The two helm commands are run through the make file in this folder: + + `make install NAMESPACE=eb75ad-tools` + +and + + `make upgrade NAMESPACE=eb75ad-tools` + +This will install and upgrade metabase in the Gold Production Tools namespace. If we need to install it somewhere else the script will need to be generalized. Note this helm chart has not been used to deploy the Silver cluster metabase instance. ## Adding a databse to metabase: From c02d5dc92bc6fe68619ed7846f1d730720b85a5e Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 13:13:53 -0700 Subject: [PATCH 09/18] feat: metabase renamed variables to cammel case --- helm/metabase/Makefile | 4 +- helm/metabase/templates/deploymentconfig.yaml | 60 +++++++++---------- helm/metabase/templates/imagestream.yaml | 4 +- .../templates/persistentvolumeclaim.yaml | 6 +- helm/metabase/templates/route.yaml | 6 +- helm/metabase/templates/secret.yaml | 10 ++-- helm/metabase/templates/service.yaml | 18 +++--- helm/metabase/templates/serviceaccount.yaml | 4 +- helm/metabase/values-eb75ad-tools.yaml | 2 +- helm/metabase/values.yaml | 16 ++--- 10 files changed, 65 insertions(+), 65 deletions(-) diff --git a/helm/metabase/Makefile b/helm/metabase/Makefile index 3b522429..42054d48 100644 --- a/helm/metabase/Makefile +++ b/helm/metabase/Makefile @@ -7,7 +7,7 @@ install: helm install metabase . -n ${NAMESPACE} \ -f values.yaml \ -f "values-${NAMESPACE}.yaml" \ - --set postgresql_password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" + --set postgresqlPassword="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" # Upgrade will change an existing metabase deployment. The secret gets regenerated each time this is run .PHONY: upgrade @@ -16,4 +16,4 @@ upgrade: -n ${NAMESPACE} \ -f values.yaml \ -f "values-${NAMESPACE}.yaml" \ - --set postgresql_password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" + --set postgresqlPassword="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" diff --git a/helm/metabase/templates/deploymentconfig.yaml b/helm/metabase/templates/deploymentconfig.yaml index ff20691c..7c6b2216 100644 --- a/helm/metabase/templates/deploymentconfig.yaml +++ b/helm/metabase/templates/deploymentconfig.yaml @@ -3,20 +3,20 @@ kind: DeploymentConfig metadata: labels: app: metabase - service: {{ .Values.metabase_service_name }} + service: {{ .Values.metabaseServiceName }} template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }}-postgresql + name: {{ .Values.metabaseServiceName }}-postgresql spec: replicas: 1 selector: - name: {{ .Values.metabase_service_name }}-postgresql + name: {{ .Values.metabaseServiceName }}-postgresql strategy: type: Recreate template: metadata: labels: app: metabase - name: {{ .Values.metabase_service_name }}-postgresql + name: {{ .Values.metabaseServiceName }}-postgresql spec: containers: - env: @@ -24,17 +24,17 @@ spec: valueFrom: secretKeyRef: key: database - name: {{ .Values.metabase_service_name }}-postgresql-credentials + name: {{ .Values.metabaseServiceName }}-postgresql-credentials - name: POSTGRESQL_USER valueFrom: secretKeyRef: key: username - name: {{ .Values.metabase_service_name }}-postgresql-credentials + name: {{ .Values.metabaseServiceName }}-postgresql-credentials - name: POSTGRESQL_PASSWORD valueFrom: secretKeyRef: key: password - name: {{ .Values.metabase_service_name }}-postgresql-credentials + name: {{ .Values.metabaseServiceName }}-postgresql-credentials image: ' ' imagePullPolicy: IfNotPresent livenessProbe: @@ -46,7 +46,7 @@ spec: - pg_isready -h 127.0.0.1 -p 5432 initialDelaySeconds: 30 timeoutSeconds: 1 - name: {{ .Values.metabase_service_name }}-postgresql + name: {{ .Values.metabaseServiceName }}-postgresql ports: - containerPort: 5432 protocol: TCP @@ -63,23 +63,23 @@ spec: terminationMessagePath: /dev/termination-log volumeMounts: - mountPath: /var/lib/pgsql/data - name: {{ .Values.metabase_service_name }}-postgresql-data + name: {{ .Values.metabaseServiceName }}-postgresql-data dnsPolicy: ClusterFirst restartPolicy: Always volumes: - - name: {{ .Values.metabase_service_name }}-postgresql-data + - name: {{ .Values.metabaseServiceName }}-postgresql-data persistentVolumeClaim: - claimName: {{ .Values.metabase_service_name }}-postgresql + claimName: {{ .Values.metabaseServiceName }}-postgresql triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - - {{ .Values.metabase_service_name }}-postgresql + - {{ .Values.metabaseServiceName }}-postgresql from: kind: ImageStreamTag - name: postgresql:{{ .Values.postgresql_version }} - namespace: {{ .Values.postgresql_image_namespace }} + name: postgresql:{{ .Values.postgresqlVersion }} + namespace: {{ .Values.postgresqlImageNamespace }} lastTriggeredImage: "" type: ImageChange --- @@ -88,22 +88,22 @@ kind: DeploymentConfig metadata: labels: app: metabase - service: {{ .Values.metabase_service_name }} + service: {{ .Values.metabaseServiceName }} template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} spec: replicas: 1 selector: app: metabase - deploymentconfig: {{ .Values.metabase_service_name }} + deploymentconfig: {{ .Values.metabaseServiceName }} strategy: type: Recreate template: metadata: labels: app: metabase - deploymentconfig: {{ .Values.metabase_service_name }} - service: {{ .Values.metabase_service_name }} + deploymentconfig: {{ .Values.metabaseServiceName }} + service: {{ .Values.metabaseServiceName }} template: metabase spec: containers: @@ -123,22 +123,22 @@ spec: - name: MB_DB_TYPE value: postgres - name: MB_DB_HOST - value: {{ .Values.metabase_service_name }}-postgresql + value: {{ .Values.metabaseServiceName }}-postgresql - name: MB_DB_PORT value: "5432" - name: MB_DB_DBNAME - value: {{ .Values.postgresql_database }} + value: {{ .Values.postgresqlDatabase }} - name: MB_DB_USER valueFrom: secretKeyRef: key: username - name: {{ .Values.metabase_service_name }}-postgresql-credentials + name: {{ .Values.metabaseServiceName }}-postgresql-credentials - name: MB_DB_PASS valueFrom: secretKeyRef: key: password - name: {{ .Values.metabase_service_name }}-postgresql-credentials - image: {{ .Values.metabase_image }} + name: {{ .Values.metabaseServiceName }}-postgresql-credentials + image: {{ .Values.metabaseImage }} imagePullPolicy: Always livenessProbe: failureThreshold: 30 @@ -147,10 +147,10 @@ spec: port: 3000 initialDelaySeconds: 240 timeoutSeconds: 3 - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} ports: - containerPort: 3000 - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} protocol: TCP readinessProbe: httpGet: @@ -170,17 +170,17 @@ spec: imagePullSecrets: - name: artifactory-creds restartPolicy: Always - serviceAccount: {{ .Values.metabase_service_name }} - serviceAccountName: {{ .Values.metabase_service_name }} + serviceAccount: {{ .Values.metabaseServiceName }} + serviceAccountName: {{ .Values.metabaseServiceName }} terminationGracePeriodSeconds: 30 triggers: - type: ConfigChange - imageChangeParams: automatic: true containerNames: - - {{ .Values.metabase_service_name }} + - {{ .Values.metabaseServiceName }} from: kind: ImageStreamTag - name: {{ .Values.metabase_service_name }}:latest + name: {{ .Values.metabaseServiceName }}:latest lastTriggeredImage: "" type: ImageChange diff --git a/helm/metabase/templates/imagestream.yaml b/helm/metabase/templates/imagestream.yaml index 8fb093b0..96bb3a9c 100644 --- a/helm/metabase/templates/imagestream.yaml +++ b/helm/metabase/templates/imagestream.yaml @@ -4,12 +4,12 @@ metadata: labels: app: metabase template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} spec: tags: - from: kind: DockerImage - name: {{ .Values.metabase_image }} + name: {{ .Values.metabaseImage }} generation: 2 name: latest referencePolicy: diff --git a/helm/metabase/templates/persistentvolumeclaim.yaml b/helm/metabase/templates/persistentvolumeclaim.yaml index 5642392b..b08b1520 100644 --- a/helm/metabase/templates/persistentvolumeclaim.yaml +++ b/helm/metabase/templates/persistentvolumeclaim.yaml @@ -3,12 +3,12 @@ kind: PersistentVolumeClaim metadata: labels: app: metabase - service: {{ .Values.metabase_service_name }} + service: {{ .Values.metabaseServiceName }} template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }}-postgresql + name: {{ .Values.metabaseServiceName }}-postgresql spec: accessModes: - ReadWriteOnce resources: requests: - storage: {{ .Values.postgresql_volume_capacity }} + storage: {{ .Values.postgresqlVolumeCapacity }} diff --git a/helm/metabase/templates/route.yaml b/helm/metabase/templates/route.yaml index 8c7cf5b0..908c9cf5 100644 --- a/helm/metabase/templates/route.yaml +++ b/helm/metabase/templates/route.yaml @@ -3,13 +3,13 @@ kind: Route metadata: labels: app: metabase - service: {{ .Values.metabase_service_name }} + service: {{ .Values.metabaseServiceName }} template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} spec: tls: insecureEdgeTerminationPolicy: Redirect termination: edge to: kind: Service - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} diff --git a/helm/metabase/templates/secret.yaml b/helm/metabase/templates/secret.yaml index 39988f0e..7275d32f 100644 --- a/helm/metabase/templates/secret.yaml +++ b/helm/metabase/templates/secret.yaml @@ -3,11 +3,11 @@ kind: Secret metadata: labels: app: metabase - service: {{ .Values.metabase_service_name }} + service: {{ .Values.metabaseServiceName }} template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }}-postgresql-credentials + name: {{ .Values.metabaseServiceName }}-postgresql-credentials stringData: - database: {{ .Values.postgresql_database }} - password: {{ .Values.postgresql_password }} - username: {{ .Values.postgresql_user }} + database: {{ .Values.postgresqlDatabase }} + password: {{ .Values.postgresqlPassword }} + username: {{ .Values.postgresqlUser }} type: Opaque diff --git a/helm/metabase/templates/service.yaml b/helm/metabase/templates/service.yaml index e39960dd..fa435f71 100644 --- a/helm/metabase/templates/service.yaml +++ b/helm/metabase/templates/service.yaml @@ -2,21 +2,21 @@ apiVersion: v1 kind: Service metadata: annotations: - template.openshift.io/expose-uri: http://{.spec.clusterIP}:{.spec.ports[?(.name=="{{ .Values.metabase_service_name }}")].port} + template.openshift.io/expose-uri: http://{.spec.clusterIP}:{.spec.ports[?(.name=="{{ .Values.metabaseServiceName }}")].port} labels: app: metabase - service: {{ .Values.metabase_service_name }} + service: {{ .Values.metabaseServiceName }} template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} spec: ports: - - name: {{ .Values.metabase_service_name }} + - name: {{ .Values.metabaseServiceName }} port: 3000 protocol: TCP targetPort: 3000 selector: app: metabase - deploymentconfig: {{ .Values.metabase_service_name }} + deploymentconfig: {{ .Values.metabaseServiceName }} sessionAffinity: None type: ClusterIP --- @@ -24,18 +24,18 @@ apiVersion: v1 kind: Service metadata: annotations: - template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="{{ .Values.metabase_service_name }}-postgresql")].port} + template.openshift.io/expose-uri: postgres://{.spec.clusterIP}:{.spec.ports[?(.name=="{{ .Values.metabaseServiceName }}-postgresql")].port} labels: app: metabase template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }}-postgresql + name: {{ .Values.metabaseServiceName }}-postgresql spec: ports: - - name: {{ .Values.metabase_service_name }}-postgresql + - name: {{ .Values.metabaseServiceName }}-postgresql port: 5432 protocol: TCP targetPort: 5432 selector: - name: {{ .Values.metabase_service_name }}-postgresql + name: {{ .Values.metabaseServiceName }}-postgresql sessionAffinity: None type: ClusterIP diff --git a/helm/metabase/templates/serviceaccount.yaml b/helm/metabase/templates/serviceaccount.yaml index 979397f7..cc3a15a0 100644 --- a/helm/metabase/templates/serviceaccount.yaml +++ b/helm/metabase/templates/serviceaccount.yaml @@ -3,6 +3,6 @@ kind: ServiceAccount metadata: labels: app: metabase - service: {{ .Values.metabase_service_name }} + service: {{ .Values.metabaseServiceName }} template: metabase-postgresql-template - name: {{ .Values.metabase_service_name }} + name: {{ .Values.metabaseServiceName }} diff --git a/helm/metabase/values-eb75ad-tools.yaml b/helm/metabase/values-eb75ad-tools.yaml index e4b27718..18a88158 100644 --- a/helm/metabase/values-eb75ad-tools.yaml +++ b/helm/metabase/values-eb75ad-tools.yaml @@ -1,2 +1,2 @@ -metabase_image: gcr.io/ggl-cas-storage/metabase:latest +metabaseImage: gcr.io/ggl-cas-storage/metabase:latest namespace: eb75ad-tools diff --git a/helm/metabase/values.yaml b/helm/metabase/values.yaml index 58c44eb1..cbdca884 100644 --- a/helm/metabase/values.yaml +++ b/helm/metabase/values.yaml @@ -36,12 +36,12 @@ ingress: ## These are the values that were needed by the Metabase helm templates generated by template2helm ## Note The ones above are created by the `healm create metabase`. -metabase_image: docker-remote.artifacts.developer.gov.bc.ca/metabase/metabase:latest -metabase_service_name: metabase -postgresql_database: metabase -postgresql_image_namespace: openshift -postgresql_password: '' # Generated in the make file -postgresql_user: metabase -postgresql_version: "9.6" -postgresql_volume_capacity: 1Gi +metabaseImage: docker-remote.artifacts.developer.gov.bc.ca/metabase/metabase:latest +metabaseServiceName: metabase +postgresqlDatabase: metabase +postgresqlImageNamespace: openshift +postgresqlPassword: '' # Generated in the make file +postgresqlUser: metabase +postgresqlVersion: "9.6" +postgresqlVolumeCapacity: 1Gi namespace: "" From ba2b913db8a421b0bceec576de92a2732764d172 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 13:38:54 -0700 Subject: [PATCH 10/18] feat: metabase used the labels in the helper function to reduce boilerplate --- helm/metabase/templates/_helpers.tpl | 3 +++ helm/metabase/templates/deploymentconfig.yaml | 10 ++-------- helm/metabase/templates/persistentvolumeclaim.yaml | 5 +---- helm/metabase/templates/route.yaml | 5 +---- helm/metabase/templates/secret.yaml | 5 +---- helm/metabase/templates/service.yaml | 5 +---- helm/metabase/templates/serviceaccount.yaml | 5 +---- 7 files changed, 10 insertions(+), 28 deletions(-) diff --git a/helm/metabase/templates/_helpers.tpl b/helm/metabase/templates/_helpers.tpl index 2c839d47..18fcb20b 100644 --- a/helm/metabase/templates/_helpers.tpl +++ b/helm/metabase/templates/_helpers.tpl @@ -34,6 +34,9 @@ Create chart name and version as used by the chart label. Common labels */}} {{- define "metabase.labels" -}} +app: metabase +service: {{ .Values.metabaseServiceName }} +template: metabase-postgresql-template helm.sh/chart: {{ include "metabase.chart" . }} {{ include "metabase.selectorLabels" . }} {{- if .Chart.AppVersion }} diff --git a/helm/metabase/templates/deploymentconfig.yaml b/helm/metabase/templates/deploymentconfig.yaml index 7c6b2216..207659b6 100644 --- a/helm/metabase/templates/deploymentconfig.yaml +++ b/helm/metabase/templates/deploymentconfig.yaml @@ -1,10 +1,7 @@ apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: - labels: - app: metabase - service: {{ .Values.metabaseServiceName }} - template: metabase-postgresql-template + labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }}-postgresql spec: replicas: 1 @@ -86,10 +83,7 @@ spec: apiVersion: apps.openshift.io/v1 kind: DeploymentConfig metadata: - labels: - app: metabase - service: {{ .Values.metabaseServiceName }} - template: metabase-postgresql-template + labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }} spec: replicas: 1 diff --git a/helm/metabase/templates/persistentvolumeclaim.yaml b/helm/metabase/templates/persistentvolumeclaim.yaml index b08b1520..ee6aef1a 100644 --- a/helm/metabase/templates/persistentvolumeclaim.yaml +++ b/helm/metabase/templates/persistentvolumeclaim.yaml @@ -1,10 +1,7 @@ apiVersion: v1 kind: PersistentVolumeClaim metadata: - labels: - app: metabase - service: {{ .Values.metabaseServiceName }} - template: metabase-postgresql-template + labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }}-postgresql spec: accessModes: diff --git a/helm/metabase/templates/route.yaml b/helm/metabase/templates/route.yaml index 908c9cf5..47ab3303 100644 --- a/helm/metabase/templates/route.yaml +++ b/helm/metabase/templates/route.yaml @@ -1,10 +1,7 @@ apiVersion: route.openshift.io/v1 kind: Route metadata: - labels: - app: metabase - service: {{ .Values.metabaseServiceName }} - template: metabase-postgresql-template + labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }} spec: tls: diff --git a/helm/metabase/templates/secret.yaml b/helm/metabase/templates/secret.yaml index 7275d32f..ed79bce6 100644 --- a/helm/metabase/templates/secret.yaml +++ b/helm/metabase/templates/secret.yaml @@ -1,10 +1,7 @@ apiVersion: v1 kind: Secret metadata: - labels: - app: metabase - service: {{ .Values.metabaseServiceName }} - template: metabase-postgresql-template + labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }}-postgresql-credentials stringData: database: {{ .Values.postgresqlDatabase }} diff --git a/helm/metabase/templates/service.yaml b/helm/metabase/templates/service.yaml index fa435f71..786ca84c 100644 --- a/helm/metabase/templates/service.yaml +++ b/helm/metabase/templates/service.yaml @@ -3,10 +3,7 @@ kind: Service metadata: annotations: template.openshift.io/expose-uri: http://{.spec.clusterIP}:{.spec.ports[?(.name=="{{ .Values.metabaseServiceName }}")].port} - labels: - app: metabase - service: {{ .Values.metabaseServiceName }} - template: metabase-postgresql-template + labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }} spec: ports: diff --git a/helm/metabase/templates/serviceaccount.yaml b/helm/metabase/templates/serviceaccount.yaml index cc3a15a0..92211a35 100644 --- a/helm/metabase/templates/serviceaccount.yaml +++ b/helm/metabase/templates/serviceaccount.yaml @@ -1,8 +1,5 @@ apiVersion: v1 kind: ServiceAccount metadata: - labels: - app: metabase - service: {{ .Values.metabaseServiceName }} - template: metabase-postgresql-template + labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }} From 2c59bd222f86c4d3322343c2fe5a6c9f831d3920 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 13:59:13 -0700 Subject: [PATCH 11/18] feat: metabase generalize the documentation readme --- helm/metabase/README.md | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/helm/metabase/README.md b/helm/metabase/README.md index a55d1d4c..7b457e70 100644 --- a/helm/metabase/README.md +++ b/helm/metabase/README.md @@ -65,18 +65,18 @@ Metabase needs to access other namespaces. To allow access we must create a net kind: NetworkPolicy apiVersion: networking.k8s.io/v1 metadata: - name: sso-dev-production-gold-metabase-access - namespace: eb75ad-dev + name: -metabase-access + namespace: spec: podSelector: matchLabels: - app: sso-patroni + app: ingress: - from: - namespaceSelector: matchLabels: - environment: tools - name: eb75ad + environment: + name: - podSelector: matchLabels: app: metabase @@ -84,6 +84,15 @@ spec: - Ingress ``` +The config for Gold Metabase are: + +``` + DATABASE CLUSTER TAG: sso-patroni + METABASE NAMESPACE ENVIRONMENT: tools + METABASE NAMESPACE LICENCE PLATE: eb75ad +``` + + ### Connect to the database Metabase has a built in workflow for adding new databases. These will require the credentials for the target database. From f94cc59ebb9a10c7dfd2dd87b0f8035ed2a4c9c2 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 14:26:33 -0700 Subject: [PATCH 12/18] feat: metabase delete the image stream and service account --- helm/metabase/templates/imagestream.yaml | 16 ---------------- helm/metabase/templates/serviceaccount.yaml | 5 ----- 2 files changed, 21 deletions(-) delete mode 100644 helm/metabase/templates/imagestream.yaml delete mode 100644 helm/metabase/templates/serviceaccount.yaml diff --git a/helm/metabase/templates/imagestream.yaml b/helm/metabase/templates/imagestream.yaml deleted file mode 100644 index 96bb3a9c..00000000 --- a/helm/metabase/templates/imagestream.yaml +++ /dev/null @@ -1,16 +0,0 @@ -apiVersion: image.openshift.io/v1 -kind: ImageStream -metadata: - labels: - app: metabase - template: metabase-postgresql-template - name: {{ .Values.metabaseServiceName }} -spec: - tags: - - from: - kind: DockerImage - name: {{ .Values.metabaseImage }} - generation: 2 - name: latest - referencePolicy: - type: Source diff --git a/helm/metabase/templates/serviceaccount.yaml b/helm/metabase/templates/serviceaccount.yaml deleted file mode 100644 index 92211a35..00000000 --- a/helm/metabase/templates/serviceaccount.yaml +++ /dev/null @@ -1,5 +0,0 @@ -apiVersion: v1 -kind: ServiceAccount -metadata: - labels: {{ include "metabase.labels" . | nindent 4 }} - name: {{ .Values.metabaseServiceName }} From 2cdf2c32fea179d91d47afbd1b6239ecd87e51dd Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 14:58:56 -0700 Subject: [PATCH 13/18] feat: metabase Cut out the boiler plate from the notes file --- helm/metabase/templates/NOTES.txt | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/helm/metabase/templates/NOTES.txt b/helm/metabase/templates/NOTES.txt index da0b4c41..3d4a9365 100644 --- a/helm/metabase/templates/NOTES.txt +++ b/helm/metabase/templates/NOTES.txt @@ -1,22 +1,3 @@ -1. Get the application URL by running these commands: -{{- if .Values.ingress.enabled }} -{{- range $host := .Values.ingress.hosts }} - {{- range .paths }} - http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }} - {{- end }} -{{- end }} -{{- else if contains "NodePort" .Values.service.type }} - export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "metabase.fullname" . }}) - export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}") - echo http://$NODE_IP:$NODE_PORT -{{- else if contains "LoadBalancer" .Values.service.type }} - NOTE: It may take a few minutes for the LoadBalancer IP to be available. - You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "metabase.fullname" . }}' - export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "metabase.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}") - echo http://$SERVICE_IP:{{ .Values.service.port }} -{{- else if contains "ClusterIP" .Values.service.type }} - export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "metabase.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}") - export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}") - echo "Visit http://127.0.0.1:8080 to use your application" - kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT -{{- end }} +1. Get the application URL by running the command: + +oc -n {{.Values.namespace}} get routes From adb1b15322e773b586f7b0fd2ae523b13ea728df Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 15:12:30 -0700 Subject: [PATCH 14/18] feat: metabase Change the description of the helm chart --- helm/metabase/Chart.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/helm/metabase/Chart.yaml b/helm/metabase/Chart.yaml index cd4d7afd..d702c4df 100644 --- a/helm/metabase/Chart.yaml +++ b/helm/metabase/Chart.yaml @@ -1,6 +1,6 @@ apiVersion: v2 name: metabase -description: A Helm chart for Kubernetes +description: A Helm chart for metabase # A chart can be either an 'application' or a 'library' chart. # From b5bf0000715cc43068a136300884336e2c1218c9 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 18:01:32 -0700 Subject: [PATCH 15/18] feat: metabase restored service account because it was needed --- helm/metabase/Makefile | 4 ++-- helm/metabase/templates/deploymentconfig.yaml | 8 +++---- .../templates/persistentvolumeclaim.yaml | 2 +- helm/metabase/templates/secret.yaml | 6 ++--- helm/metabase/templates/serviceaccount.yaml | 5 +++++ helm/metabase/values-eb75ad-tools.yaml | 4 +++- helm/metabase/values.yaml | 22 ++++++++++++++----- 7 files changed, 34 insertions(+), 17 deletions(-) create mode 100644 helm/metabase/templates/serviceaccount.yaml diff --git a/helm/metabase/Makefile b/helm/metabase/Makefile index 42054d48..a79f2080 100644 --- a/helm/metabase/Makefile +++ b/helm/metabase/Makefile @@ -7,7 +7,7 @@ install: helm install metabase . -n ${NAMESPACE} \ -f values.yaml \ -f "values-${NAMESPACE}.yaml" \ - --set postgresqlPassword="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" + --set postgresql.password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" # Upgrade will change an existing metabase deployment. The secret gets regenerated each time this is run .PHONY: upgrade @@ -16,4 +16,4 @@ upgrade: -n ${NAMESPACE} \ -f values.yaml \ -f "values-${NAMESPACE}.yaml" \ - --set postgresqlPassword="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" + --set postgresql.password="$(shell bash -c 'echo $$RANDOM | md5sum | head -c 32')" diff --git a/helm/metabase/templates/deploymentconfig.yaml b/helm/metabase/templates/deploymentconfig.yaml index 207659b6..48dd5822 100644 --- a/helm/metabase/templates/deploymentconfig.yaml +++ b/helm/metabase/templates/deploymentconfig.yaml @@ -75,7 +75,7 @@ spec: - {{ .Values.metabaseServiceName }}-postgresql from: kind: ImageStreamTag - name: postgresql:{{ .Values.postgresqlVersion }} + name: postgresql:{{ .Values.postgresql.version }} namespace: {{ .Values.postgresqlImageNamespace }} lastTriggeredImage: "" type: ImageChange @@ -121,7 +121,7 @@ spec: - name: MB_DB_PORT value: "5432" - name: MB_DB_DBNAME - value: {{ .Values.postgresqlDatabase }} + value: {{ .Values.postgresql.database }} - name: MB_DB_USER valueFrom: secretKeyRef: @@ -132,8 +132,8 @@ spec: secretKeyRef: key: password name: {{ .Values.metabaseServiceName }}-postgresql-credentials - image: {{ .Values.metabaseImage }} - imagePullPolicy: Always + image: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + imagePullPolicy: {{ .Values.image.pullPolicy }} livenessProbe: failureThreshold: 30 httpGet: diff --git a/helm/metabase/templates/persistentvolumeclaim.yaml b/helm/metabase/templates/persistentvolumeclaim.yaml index ee6aef1a..913a9fcd 100644 --- a/helm/metabase/templates/persistentvolumeclaim.yaml +++ b/helm/metabase/templates/persistentvolumeclaim.yaml @@ -8,4 +8,4 @@ spec: - ReadWriteOnce resources: requests: - storage: {{ .Values.postgresqlVolumeCapacity }} + storage: {{ .Values.postgresql.persistence.size }} diff --git a/helm/metabase/templates/secret.yaml b/helm/metabase/templates/secret.yaml index ed79bce6..2a25714c 100644 --- a/helm/metabase/templates/secret.yaml +++ b/helm/metabase/templates/secret.yaml @@ -4,7 +4,7 @@ metadata: labels: {{ include "metabase.labels" . | nindent 4 }} name: {{ .Values.metabaseServiceName }}-postgresql-credentials stringData: - database: {{ .Values.postgresqlDatabase }} - password: {{ .Values.postgresqlPassword }} - username: {{ .Values.postgresqlUser }} + database: {{ .Values.postgresql.database }} + password: {{ .Values.postgresql.password }} + username: {{ .Values.postgresql.user }} type: Opaque diff --git a/helm/metabase/templates/serviceaccount.yaml b/helm/metabase/templates/serviceaccount.yaml new file mode 100644 index 00000000..92211a35 --- /dev/null +++ b/helm/metabase/templates/serviceaccount.yaml @@ -0,0 +1,5 @@ +apiVersion: v1 +kind: ServiceAccount +metadata: + labels: {{ include "metabase.labels" . | nindent 4 }} + name: {{ .Values.metabaseServiceName }} diff --git a/helm/metabase/values-eb75ad-tools.yaml b/helm/metabase/values-eb75ad-tools.yaml index 18a88158..248500b8 100644 --- a/helm/metabase/values-eb75ad-tools.yaml +++ b/helm/metabase/values-eb75ad-tools.yaml @@ -1,2 +1,4 @@ -metabaseImage: gcr.io/ggl-cas-storage/metabase:latest namespace: eb75ad-tools + +image: + repository: gcr.io/ggl-cas-storage/metabase diff --git a/helm/metabase/values.yaml b/helm/metabase/values.yaml index cbdca884..9429898e 100644 --- a/helm/metabase/values.yaml +++ b/helm/metabase/values.yaml @@ -36,12 +36,22 @@ ingress: ## These are the values that were needed by the Metabase helm templates generated by template2helm ## Note The ones above are created by the `healm create metabase`. -metabaseImage: docker-remote.artifacts.developer.gov.bc.ca/metabase/metabase:latest + metabaseServiceName: metabase -postgresqlDatabase: metabase + +image: + repository: docker-remote.artifacts.developer.gov.bc.ca/metabase/metabase + tag: latest + pullPolicy: Always + +postgresql: + database: metabase + password: '' # Generated in the make file + user: metabase + version: "9.6" + persistence: + size: 1Gi + postgresqlImageNamespace: openshift -postgresqlPassword: '' # Generated in the make file -postgresqlUser: metabase -postgresqlVersion: "9.6" -postgresqlVolumeCapacity: 1Gi + namespace: "" From 68db681967234f0a10c6d83099ec253b7e7ca4b9 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 18:18:21 -0700 Subject: [PATCH 16/18] feat: metabase backup helm chart working for metabase --- .../values-eb75ad-tools-metabase-backup.yaml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 helm/backup-storage/values-eb75ad-tools-metabase-backup.yaml diff --git a/helm/backup-storage/values-eb75ad-tools-metabase-backup.yaml b/helm/backup-storage/values-eb75ad-tools-metabase-backup.yaml new file mode 100644 index 00000000..d889c8e2 --- /dev/null +++ b/helm/backup-storage/values-eb75ad-tools-metabase-backup.yaml @@ -0,0 +1,20 @@ +# The command to restore the latest backup is: +# ./backup.sh -r metabase-postgresql:5432/metabase +# The command to update the backup in sandbox dev is: +# make install NAME=metabase-backup NAMESPACE=eb75ad-tools +nameOverride: "metabase-backup-storage" +fullnameOverride: "metabase-backup-storage" + +backupConfig: | + postgres=metabase-postgresql:5432/metabase + 0 1 * * * default ./backup.sh -s + 0 4 * * * default ./backup.sh -s -v all + +db: + secretName: metabase-postgresql-credentials + usernameKey: username + passwordKey: password + +persistence: + backup: + size: 1Gi From 3d319c358df904c4577b392a4bd54ad1dd4cf7d6 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Wed, 20 Apr 2022 18:22:30 -0700 Subject: [PATCH 17/18] feat: metabase add a troubleshooting note --- helm/metabase/README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/helm/metabase/README.md b/helm/metabase/README.md index 7b457e70..33e9095e 100644 --- a/helm/metabase/README.md +++ b/helm/metabase/README.md @@ -103,3 +103,7 @@ The one complicated part of adding a db to the metabase account is the host. Th ``` It is important to connect to the read only service if one is available. If the connection attempt times out, it is possible the network policy you created is not set up properly. + +## Troubleshooting + +The secrets for the db get regenerated each time the helm charts are tun. This means the database pods may need to be scaled down to zero then back up to chance the credential. From cd3e0c48c09497bb864ad05115b58484d45a7ca3 Mon Sep 17 00:00:00 2001 From: Jonathan Sharman Date: Thu, 21 Apr 2022 08:33:06 -0700 Subject: [PATCH 18/18] feat: metabase restore the imagestream for postgres --- helm/metabase/README.md | 4 ---- helm/metabase/templates/imagestream.yaml | 16 ++++++++++++++++ 2 files changed, 16 insertions(+), 4 deletions(-) create mode 100644 helm/metabase/templates/imagestream.yaml diff --git a/helm/metabase/README.md b/helm/metabase/README.md index 33e9095e..7b457e70 100644 --- a/helm/metabase/README.md +++ b/helm/metabase/README.md @@ -103,7 +103,3 @@ The one complicated part of adding a db to the metabase account is the host. Th ``` It is important to connect to the read only service if one is available. If the connection attempt times out, it is possible the network policy you created is not set up properly. - -## Troubleshooting - -The secrets for the db get regenerated each time the helm charts are tun. This means the database pods may need to be scaled down to zero then back up to chance the credential. diff --git a/helm/metabase/templates/imagestream.yaml b/helm/metabase/templates/imagestream.yaml new file mode 100644 index 00000000..e4f92131 --- /dev/null +++ b/helm/metabase/templates/imagestream.yaml @@ -0,0 +1,16 @@ +apiVersion: image.openshift.io/v1 +kind: ImageStream +metadata: + labels: + app: metabase + template: metabase-postgresql-template + name: {{ .Values.metabaseServiceName }} +spec: + tags: + - from: + kind: DockerImage + name: "{{ .Values.image.repository }}:{{ .Values.image.tag }}" + generation: 2 + name: latest + referencePolicy: + type: Source