From ed059664e7f4905b24a3deb187149bb0dc35b91d Mon Sep 17 00:00:00 2001 From: Julien Bouquillon Date: Wed, 22 Nov 2023 20:59:13 +0100 Subject: [PATCH] fix: use CNPG (#301) * fix: use CNPG * fix * fix * fix * fix * fix s3 secret --------- Co-authored-by: Adrien Chauve --- .kontinuous/config.yaml | 15 +++++++++++++++ .kontinuous/env/dev/values.yaml | 23 +++-------------------- .kontinuous/env/prod/values.yaml | 13 +++++++++++++ .kontinuous/values.yaml | 13 ++++++++++--- src/db/config/config.js | 12 ++++++++++++ 5 files changed, 53 insertions(+), 23 deletions(-) create mode 100644 .kontinuous/config.yaml
diff --git a/.kontinuous/config.yaml b/.kontinuous/config.yaml
new file mode 100644
index 00000000..77df89b5
--- /dev/null
+++ b/.kontinuous/config.yaml
@@ -0,0 +1,15 @@
+projectName: mon-psy-sante
+ciNamespace: ci-mon-psy-sante
+
+dependencies:
+ fabrique:
+ extends:
+ - name: buildkit-service
+ dependencies:
+ contrib:
+ preDeploy:
+ importSecrets:
+ options:
+ secrets:
+ mon-psy-sante-dev-backups-access-key:
+ mon-psy-sante-prod-backups-access-key:
diff --git a/.kontinuous/env/dev/values.yaml b/.kontinuous/env/dev/values.yaml
index fed2fb4c..2db4c46f 100644
--- a/.kontinuous/env/dev/values.yaml
+++ b/.kontinuous/env/dev/values.yaml
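Review bot: The `importSecrets` options at the end of the new `.kontinuous/config.yaml` list `mon-psy-sante-prod-backups-access-key` next to the dev key with no per-environment scoping visible, so the prod backup credential is presumably imported for every deployment this config drives, including dev and review environments. A namespace that only needs the dev bucket should not hold the prod key; if the plugin allows it, declare each key only in the environment that uses it. If both really are needed everywhere, record why with a comment such as `# prod key imported in all envs because <reason>; confirm review namespaces cannot read it`. Both entries are also bare `key:` values, which parse as null; a one-line comment saying that this is the form the plugin expects would stop someone "fixing" it later.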
@@ -1,31 +1,14 @@ app: - ~needs: [build-app,seed] + ~needs: [build-app, seed] jobs: runs: - db: - use: create-db seed: - ~needs: [build-app,db] + ~needs: [build-app, pg] checkout: false # no need to checkout the repo as we use the docker image shell: sh image: "{{ .Values.global.registry }}{{ if .Values.global.imageProject }}{{ print `/` .Values.global.imageProject }}{{ end }}/{{ .Values.global.imageRepository }}/app:{{ .Values.global.imageTag }}" run: "yarn db:init" envFrom: - secretRef: - name: "pg-user" - - db-keycloak: - use: create-db - with: - pgSecretName: "keycloak-db" - database: "keycloak_{{ .Values.global.branchSlug32 }}" - pgUser: "keycloak_{{ .Values.global.branchSlug32 }}" - -keycloak: - ~needs: [db-keycloak] - extraEnvFrom: | - - secretRef: - name: "keycloak-db" - - secretRef: - name: keycloak-secrets + name: pg-app diff --git a/.kontinuous/env/prod/values.yaml b/.kontinuous/env/prod/values.yaml index 922d4744..5225d80c 100644 --- a/.kontinuous/env/prod/values.yaml +++ b/.kontinuous/env/prod/values.yaml @@ -28,6 +28,13 @@ app: value: "https://keycloak-{{ .Values.global.host }}/auth/realms/mon-psy-sante" - name: KEYCLOAK_ID value: mon-psy-app + envFrom: + - secretRef: + name: "{{ .Values.global.pgSecretName }}" # todo: change to pg-app after CNPG migration + - secretRef: + name: app-sealed-secret + - secretRef: + name: keycloak-secrets keycloak: ingress: @@ -39,6 +46,12 @@ keycloak: - hosts: - "keycloak-{{ .Values.global.host }}" secretName: keycloak-crt + # todo: remove block after CNPG migration + extraEnvFrom: | + - secretRef: + name: keycloak-db + - secretRef: + name: keycloak-secrets jobs: runs: diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml index 71fb947b..df5d3c62 100644 --- a/.kontinuous/values.yaml +++ b/.kontinuous/values.yaml 
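Review bot: The `envFrom` list added to `app` in `.kontinuous/env/prod/values.yaml` (hunk at -28) repeats `app-sealed-secret` and `keycloak-secrets` from the base values file, and the keycloak `extraEnvFrom` block in the hunk at -39 does the same. Helm replaces lists and strings rather than merging them, so a secret added to the base file later would be silently absent in prod. The two `todo` comments carry no issue reference or owner, which makes this temporary override easy to forget once the migration is done. I would write the first as `# TODO(<issue-id>): switch to pg-app after the CNPG migration; keep this list in sync with .kontinuous/values.yaml` and put the equivalent on the keycloak block.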
@@ -1,9 +1,10 @@ app: containerPort: 3000 + ~needs: [pg, keycloak] probesPath: "/healthz" envFrom: - secretRef: - name: "{{ .Values.global.pgSecretName }}" + name: pg-app - secretRef: name: app-sealed-secret - secretRef: @@ -16,13 +17,20 @@ app: - name: KEYCLOAK_ID value: mon-psy-app +pg: + ~chart: pg + +pg-keycloak: + ~chart: pg + keycloak: + ~needs: [pg-keycloak] postgresql: enabled: false extraEnvFrom: | - secretRef: - name: keycloak-db + name: pg-keycloak-app - secretRef: name: keycloak-secrets @@ -56,7 +64,6 @@ keycloak: mountPath: "/realm/" readOnly: true - extraInitContainers: | - name: compile-realm image: hairyhenderson/gomplate:v3.10.0-alpine diff --git a/src/db/config/config.js b/src/db/config/config.js index 13467f17..b64fe1c7 100644 --- a/src/db/config/config.js +++ b/src/db/config/config.js @@ -5,9 +5,21 @@ module.exports = { development: { dialect: "postgres", url: process.env.DATABASE_URL, + dialectOptions: { + ssl: { + require: false, + rejectUnauthorized: false, + }, + }, }, production: { dialect: "postgres", url: process.env.DATABASE_URL, + dialectOptions: { + ssl: { + require: true, + rejectUnauthorized: false, + }, + }, }, };
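Review bot: The secret names `pg-app` and `pg-keycloak-app` in the first two hunks of `.kontinuous/values.yaml` are hard-coded and appear to rely on the `pg` chart naming its credentials secret after the release with an `-app` suffix. Nothing in the file says so, and a mismatch would only surface when the pod fails to start. A comment above the `pg:` entry would document the link, for example `# each pg release generates a "<name>-app" secret, consumed by app.envFrom and keycloak.extraEnvFrom`. The base file also declares `pg`, `pg-keycloak` and the new `~needs` entries for every environment while the prod override still points at the old secrets, so prod presumably gets two unused clusters until the migration; that is worth confirming and noting in the same comment.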
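Review bot: The `production` block in `src/db/config/config.js` sets `rejectUnauthorized: false`, so the connection is encrypted but the server certificate is never verified. Anything able to sit on the path between the app and the database could present its own certificate and the client would accept it. CNPG issues the server certificate from a per-cluster CA, so the app can be given that CA and keep verification on: `rejectUnauthorized: true,` plus `ca: fs.readFileSync(process.env.PG_CA_FILE),`, where `PG_CA_FILE` is a placeholder name for a mounted CA path. In the `development` block, `require: false` probably does not turn TLS off, since the driver treats any `ssl` object as a request for TLS; if plaintext is intended there, omit `dialectOptions.ssl` instead. The `module.exports` object starts above this hunk.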