diff --git a/.dockerignore b/.dockerignore
index ebf1d3d..7e58ab2 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -1 +1 @@
-charts
+helm/
diff --git a/.github/workflows/pr-close.yaml b/.github/workflows/pr-close.yaml
new file mode 100644
index 0000000..82ca557
--- /dev/null
+++ b/.github/workflows/pr-close.yaml
@@ -0,0 +1,12 @@
+name: pr-close
+on:
+ pull_request:
+ types: [ closed ]
+
+jobs:
+
+ preview-cleanup:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/gitops-preview-cleanup.yaml@main
+ secrets: inherit
+ with:
+ environment_repository: CloudNativeEntrepreneur/example-preview-envs
\ No newline at end of file
diff --git a/.github/workflows/pr.yaml b/.github/workflows/pr.yaml
new file mode 100644
index 0000000..3e83dee
--- /dev/null
+++ b/.github/workflows/pr.yaml
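Review bot: The `uses:` line of `preview-cleanup` in `pr-close.yaml` calls a reusable workflow at the mutable ref `@main` and hands it every repository secret through `secrets: inherit`, so any later change on that branch of `CloudNativeEntrepreneur/actions` runs with this repository's credentials. Pin the reference to a full commit SHA, `uses: CloudNativeEntrepreneur/actions/.github/workflows/gitops-preview-cleanup.yaml@<full-commit-sha>`, and, if the called workflow declares its secrets, pass only the ones it needs instead of inheriting all of them. The same pattern appears in `pr.yaml` (`preview`), `publish-and-promote.yaml` (all three jobs) and `release.yaml` (`release`). None of the four workflows sets a `permissions:` block, so the `GITHUB_TOKEN` scope falls back to the repository default; declaring the minimum explicitly makes it reviewable.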
@@ -0,0 +1,45 @@
+name: pr
+
+on:
+
+ pull_request:
+ branches:
+ - main
+
+jobs:
+
+ helm-quality:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/helm-quality.yaml@main
+ with:
+ helm_path: helm
+
+ preview-helm-quality:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/helm-quality.yaml@main
+ with:
+ helm_path: preview/helm
+
+ promote-helm-quality:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/helm-quality.yaml@main
+ with:
+ helm_path: promote/helm
+
+ preview:
+ needs:
+ - helm-quality
+ - preview-helm-quality
+ - promote-helm-quality
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/gitops-preview.yaml@main
+ secrets: inherit
+ with:
+ container: true
+ environment_repository: CloudNativeEntrepreneur/example-preview-envs
+ project: example-preview-envs
+ comment: |
+ Your preview environment has been published! :rocket:
+
+ It may take a few minutes to spin up, but you can view it here once it's ready: [${{ github.event.repository.name }}-pr-${{ github.event.pull_request.number }}-preview](http://${{ github.event.repository.name }}.${{ github.event.repository.name }}-pr-${{ github.event.pull_request.number }}-preview.127.0.0.1.sslip.io)
+
+ You can verify the PR is ready with `kubectl`:
+ ```bash
+ kubectl get ksvc -n ${{ github.event.repository.name }}-pr-${{ github.event.pull_request.number }}-preview
+ ```
diff --git a/.github/workflows/publish-and-promote.yaml b/.github/workflows/publish-and-promote.yaml
new file mode 100644
index 0000000..5abfe5e
--- /dev/null
+++ b/.github/workflows/publish-and-promote.yaml
@@ -0,0 +1,30 @@
+name: promote
+on:
+ push:
+ tags:
+ - v*.*.*
+
+jobs:
+
+ publish-container:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/publish-container.yaml@main
+ secrets: inherit
+
+ promote-local:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/gitops-promote-helm.yaml@main
+ secrets: inherit
+ with:
+ environment_repository: CloudNativeEntrepreneur/example-local-env
+ project: example-local-env
+ pull_request: false
+ values: |
+ # Set from promote job of CloudNativeEntrepreneur/example-hasura
+ local: true
+
+ promote-prod:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/gitops-promote-helm.yaml@main
+ secrets: inherit
+ with:
+ environment_repository: CloudNativeEntrepreneur/example-prod-env
+ project: example-prod-env
+ pull_request: false
diff --git a/.github/workflows/release.yaml b/.github/workflows/release.yaml
new file mode 100644
index 0000000..8b7dad5
--- /dev/null
+++ b/.github/workflows/release.yaml
@@ -0,0 +1,32 @@
+name: main
+on:
+ push:
+ branches:
+ - main
+jobs:
+
+ helm-quality:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/helm-quality.yaml@main
+ with:
+ helm_path: helm
+
+ preview-helm-quality:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/helm-quality.yaml@main
+ with:
+ helm_path: preview/helm
+
+ promote-helm-quality:
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/helm-quality.yaml@main
+ with:
+ helm_path: promote/helm
+
+ release:
+ needs:
+ - helm-quality
+ - preview-helm-quality
+ - promote-helm-quality
+ uses: CloudNativeEntrepreneur/actions/.github/workflows/github-release.yaml@main
+ secrets: inherit
+ with:
+ helm: true
+ container: true
\ No newline at end of file
diff --git a/.lighthouse/jenkins-x/pullrequest.yaml b/.lighthouse/jenkins-x/pullrequest.yaml
deleted file mode 100644
index cfc526a..0000000
--- a/.lighthouse/jenkins-x/pullrequest.yaml
+++ /dev/null
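Review bot: `promote-prod` in `publish-and-promote.yaml` sets `pull_request: false`, which reads as the promotion being written to `example-prod-env` directly rather than through a pull request, so any push of a tag matching `v*.*.*` appears to reach production with no review step. If the direct write is only wanted for `promote-local`, use `pull_request: true` on the prod job, and confirm that tag creation is restricted (for example by a tag protection rule), since the tag push is the only gate visible here. The meaning of `pull_request` is defined in the called workflow, which is outside this diff, so this is inferred from the input name. `publish-container` and both promote jobs have no `needs:` between them, so the promotion may be written before the image exists; `needs: publish-container` on the promote jobs would order them.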
@@ -1,42 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: PipelineRun -metadata: - creationTimestamp: null - name: pullrequest -spec: - pipelineSpec: - tasks: - - name: from-build-pack - resources: {} - taskSpec: - metadata: - annotations: - sidecar.istio.io/inject: "false" - stepTemplate: - image: uses:jenkins-x/jx3-pipeline-catalog/tasks/docker-helm/pullrequest.yaml@versionStream - name: "" - resources: - requests: - cpu: 400m - memory: 512Mi - workingDir: /workspace/source - steps: - - image: uses:jenkins-x/jx3-pipeline-catalog/tasks/git-clone/git-clone-pr.yaml@versionStream - name: "" - resources: {} - - name: jx-variables - resources: {} - - name: build-container-build - resources: {} - - image: ghcr.io/jenkins-x-plugins/jx-preview:0.0.182 - name: promote-jx-preview - resources: {} - script: | - #!/usr/bin/env sh - source .jx/variables.sh - jx preview create - - podTemplate: {} - serviceAccountName: tekton-bot - timeout: 12h0m0s -status: {} diff --git a/.lighthouse/jenkins-x/release.yaml b/.lighthouse/jenkins-x/release.yaml deleted file mode 100644 index 68ddb84..0000000 --- a/.lighthouse/jenkins-x/release.yaml +++ /dev/null 
@@ -1,49 +0,0 @@ -apiVersion: tekton.dev/v1beta1 -kind: PipelineRun -metadata: - creationTimestamp: null - name: release -spec: - pipelineSpec: - tasks: - - name: from-build-pack - resources: {} - taskSpec: - metadata: - annotations: - sidecar.istio.io/inject: "false" - stepTemplate: - image: uses:jenkins-x/jx3-pipeline-catalog/tasks/javascript/release.yaml@versionStream - name: "" - resources: - requests: - cpu: 400m - memory: 512Mi - volumeMounts: - - mountPath: /tekton/home/npm - name: npmrc - workingDir: /workspace/source - steps: - - image: uses:jenkins-x/jx3-pipeline-catalog/tasks/git-clone/git-clone.yaml@versionStream - name: "" - resources: {} - - name: next-version - resources: {} - - name: jx-variables - resources: {} - - name: build-container-build - resources: {} - env: - - name: KANIKO_FLAGS - value: --snapshotMode=redo - - name: promote-changelog - resources: {} - - name: promote-helm-release - resources: {} - - name: promote-jx-promote - resources: {} - - podTemplate: {} - serviceAccountName: tekton-bot - timeout: 12h0m0s -status: {} diff --git a/.lighthouse/jenkins-x/triggers.yaml b/.lighthouse/jenkins-x/triggers.yaml deleted file mode 100644 index 95aba4d..0000000 --- a/.lighthouse/jenkins-x/triggers.yaml +++ /dev/null @@ -1,17 +0,0 @@ -apiVersion: config.lighthouse.jenkins-x.io/v1alpha1 -kind: TriggerConfig -spec: - presubmits: - - name: pr - context: "pr" - always_run: true - optional: false - source: "pullrequest.yaml" - postsubmits: - - name: release - context: "release" - source: "release.yaml" - ignore_changes: '^(\.lighthouse\/jenkins-x\/pullrequest\.yaml)|(preview\/.+)$' - branches: - - ^main$ - - ^master$ diff --git a/Dockerfile b/Dockerfile index 5ae6435..32bb125 100644 --- a/Dockerfile +++ b/Dockerfile 
@@ -1,5 +1,5 @@ # This container runs migrations - the main hasura service is hasura/graphql-engine:v2.x.x -FROM hasura/graphql-engine:v2.0.10.cli-migrations-v3 +FROM hasura/graphql-engine:v2.14.0.cli-migrations-v3 # we are managing migrations with schemahero - so let's avoid copying it here unless we go back to using Hasura for migrations. # we still want the metadata and config though diff --git a/Makefile b/Makefile index 2245bee..bf648ce 100644 --- a/Makefile +++ b/Makefile @@ -1,11 +1,12 @@ -HASURA_ENDPOINT?=http://example-hasura.default.127.0.0.1.sslip.io -LOCAL_DEV_CLUSTER ?= kind-local-dev-cluster +HASURA_ENDPOINT?=http://example-hasura.example-local-env.127.0.0.1.sslip.io +LOCAL_DEV_CLUSTER ?= rancher-desktop NOW := $(shell date +%m_%d_%Y_%H_%M) SERVICE_NAME := example-hasura -HASURA_GRAPHQL_DATABASE_URL=postgres://readmodel:$(kubectl get secret readmodel.example-readmodel-postgresql.credentials.postgresql.acid.zalan.do)@readmodel.default.cluster.svc.local:5432/readmodel +HASURA_GRAPHQL_DATABASE_URL=postgres://readmodel:$(kubectl get secret readmodel.example-readmodel-postgresql.credentials.postgresql.acid.zalan.do)@readmodel.example-local-env.cluster.svc.local:5432/readmodel # Does what's described in Readme, runs in the background - `attach-to-tmux-session` to attach to the session where it is running -onboard: refresh-kind-image +onboard: + echo "Nothing to do. Deploy using gitops config." open: code . 
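Review bot: In the changed `HASURA_GRAPHQL_DATABASE_URL` line of the Makefile, `$(kubectl get secret …)` is expanded by make as a variable reference, not run as a command, so the password part of the URL is most likely empty; even inside `$(shell …)`, `kubectl get secret <name>` prints the resource listing rather than the password. If the variable is still needed, something like `$(shell kubectl get secret <secret-name> -n example-local-env -o jsonpath='{.data.password}' | base64 -d)` is required, and resolving it inside the one recipe that uses it keeps the credential out of make's global variables. The host was changed to `readmodel.example-local-env.cluster.svc.local`, while the Helm templates in this commit use the `<service>.<namespace>.svc.cluster.local` form, so the suffix looks transposed. The comment above `onboard` still says it "runs in the background", which no longer matches a recipe that only echoes a message.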
@@ -14,30 +15,3 @@ migrate: hasura metadata apply --endpoint $(HASURA_ENDPOINT) hasura migrate apply --all-databases --endpoint $(HASURA_ENDPOINT) hasura metadata reload --endpoint $(HASURA_ENDPOINT) - -build-new-local-image: - kubectl ctx $(LOCAL_DEV_CLUSTER) - docker build -t $(SERVICE_NAME) . - docker tag $(SERVICE_NAME):latest dev.local/$(SERVICE_NAME):$(NOW) - -load-local-image-to-kind: - kubectl ctx $(LOCAL_DEV_CLUSTER) - kind --name local-dev-cluster load docker-image dev.local/$(SERVICE_NAME):$(NOW) - -deploy-to-local-cluster: - kubectl ctx $(LOCAL_DEV_CLUSTER) - helm template ./charts/$(SERVICE_NAME)/ \ - -f ./charts/$(SERVICE_NAME)/values.yaml \ - --set image.repository=dev.local/$(SERVICE_NAME),image.tag=$(NOW) \ - | kubectl apply -f - - kubectl wait --for=condition=ready ksvc example-hasura --timeout=600s - -delete-local-deployment: - kubectl ctx $(LOCAL_DEV_CLUSTER) - helm template ./charts/$(SERVICE_NAME)/ \ - -f ./charts/$(SERVICE_NAME)/values.yaml \ - --set image.repository=dev.local/$(SERVICE_NAME),image.tag=$(NOW) \ - | kubectl delete -f - - -refresh-kind-image: build-new-local-image load-local-image-to-kind deploy-to-local-cluster -hard-refresh-kind-image: delete-local-deployment build-new-local-image load-local-image-to-kind deploy-to-local-cluster diff --git a/OWNERS b/OWNERS deleted file mode 100644 index b316862..0000000 --- a/OWNERS +++ /dev/null @@ -1,4 +0,0 @@ -approvers: -- patrickleet -reviewers: -- patrickleet diff --git a/OWNERS_ALIASES b/OWNERS_ALIASES deleted file mode 100644 index 420b045..0000000 --- a/OWNERS_ALIASES +++ /dev/null @@ -1,6 +0,0 @@ -aliases: -- patrickleet -best-approvers: -- patrickleet -best-reviewers: -- patrickleet diff --git a/charts/example-hasura/README.md b/charts/example-hasura/README.md deleted file mode 100644 index a9044a9..0000000 --- a/charts/example-hasura/README.md +++ /dev/null 
@@ -1,3 +0,0 @@ -# example-hasura - -Auth Example's Hasura metadata, migrations, and seeds, as well as charts to run and configure Hasura with that information. \ No newline at end of file diff --git a/charts/example-hasura/templates/_helpers.tpl b/charts/example-hasura/templates/_helpers.tpl deleted file mode 100755 index f0d83d2..0000000 --- a/charts/example-hasura/templates/_helpers.tpl +++ /dev/null @@ -1,16 +0,0 @@ -{{/* vim: set filetype=mustache: */}} -{{/* -Expand the name of the chart. -*/}} -{{- define "name" -}} -{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" -}} -{{- end -}} - -{{/* -Create a default fully qualified app name. -We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec). -*/}} -{{- define "fullname" -}} -{{- $name := default .Chart.Name .Values.nameOverride -}} -{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" -}} -{{- end -}} diff --git a/charts/example-hasura/templates/service.yaml b/charts/example-hasura/templates/service.yaml deleted file mode 100644 index b2ed9c0..0000000 --- a/charts/example-hasura/templates/service.yaml +++ /dev/null @@ -1,22 +0,0 @@ -{{- if or .Values.knativeDeploy }} -{{- else }} -apiVersion: v1 -kind: Service -metadata: - name: {{ .Values.service.name }} - labels: - app: {{ .Values.service.name }} -{{- if .Values.service.annotations }} - annotations: -{{ toYaml .Values.service.annotations | indent 4 }} -{{- end }} -spec: - ports: - - protocol: TCP - port: {{ .Values.service.externalPort }} - targetPort: {{ .Values.service.internalPort }} - name: http - selector: - app: {{ .Values.service.name }} - type: {{ .Values.service.type }} -{{- end }} diff --git a/config.yaml b/config.yaml index 7e76f4b..c254308 100644 --- a/config.yaml +++ b/config.yaml 
@@ -1,5 +1,5 @@ version: 3 -endpoint: http://example-hasura.default.127.0.0.1.sslip.io +endpoint: http://example-hasura.example-prod-env.127.0.0.1.sslip.io metadata_directory: metadata actions: kind: synchronous diff --git a/docker-compose.default-example.yaml b/docker-compose.default-example.yaml index f6fc37e..4a375f7 100644 --- a/docker-compose.default-example.yaml +++ b/docker-compose.default-example.yaml @@ -1,14 +1,14 @@ version: '3.6' services: postgres: - image: postgres:12 + image: postgres:15 restart: always volumes: - db_data:/var/lib/postgresql/data environment: POSTGRES_PASSWORD: postgrespassword graphql-engine: - image: hasura/graphql-engine:v2.0.10 + image: hasura/graphql-engine:v2.25.1 ports: - "8080:8080" depends_on: diff --git a/charts/example-hasura/Chart.yaml b/helm/Chart.yaml similarity index 100% rename from charts/example-hasura/Chart.yaml rename to helm/Chart.yaml diff --git a/helm/templates/external-secret-example-hasura.yaml b/helm/templates/external-secret-example-hasura.yaml new file mode 100644 index 0000000..4552429 --- /dev/null +++ b/helm/templates/external-secret-example-hasura.yaml @@ -0,0 +1,18 @@ +{{- if .Values.localDev }} +{{- else }} +apiVersion: external-secrets.io/v1beta1 +kind: ExternalSecret +metadata: + name: example-hasura + annotations: + argocd.argoproj.io/sync-wave: "-1" +spec: + secretStoreRef: + name: fake + kind: ClusterSecretStore + target: + name: example-hasura + dataFrom: + - extract: + key: /example-hasura +{{- end }} diff --git a/charts/example-hasura/templates/hasura-cli-role.yaml b/helm/templates/hasura-cli-role.yaml similarity index 100% rename from charts/example-hasura/templates/hasura-cli-role.yaml rename to helm/templates/hasura-cli-role.yaml diff --git a/charts/example-hasura/templates/hasura-cli-rolebinding.yaml b/helm/templates/hasura-cli-rolebinding.yaml similarity index 100% rename from charts/example-hasura/templates/hasura-cli-rolebinding.yaml rename to helm/templates/hasura-cli-rolebinding.yaml 
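Review bot: The guard `{{- if .Values.localDev }}` in `external-secret-example-hasura.yaml` tests a key that the `helm/values.yaml` hunks in this commit do not define (they add `local: false`, and `ksvc.yaml` branches on `.Values.local`), so the two switches can disagree; `hasura-migrations-job.yaml` uses `localDev` as well. `ksvc.yaml` reads `adminSecret` and `jwtSecret` from the `example-hasura` Secret unconditionally, so a release with `localDev` set gets no ExternalSecret and the service cannot start unless that Secret is created some other way. `secretStoreRef.name: fake` is hard-coded; if that store is backed by the External Secrets fake provider, the admin and JWT secrets are static values held in a cluster manifest, so the store name should be a chart value (for example `name: {{ .Values.secretStore.name | quote }}`, a key this chart would have to add) that production can point at a real store. The empty `if` branch followed by `else` reads more clearly as `{{- if not .Values.localDev }}`.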
diff --git a/charts/example-hasura/templates/hasura-cli-sa.yaml b/helm/templates/hasura-cli-sa.yaml similarity index 100% rename from charts/example-hasura/templates/hasura-cli-sa.yaml rename to helm/templates/hasura-cli-sa.yaml diff --git a/charts/example-hasura/templates/hasura-migrations-job.yaml b/helm/templates/hasura-migrations-job.yaml similarity index 75% rename from charts/example-hasura/templates/hasura-migrations-job.yaml rename to helm/templates/hasura-migrations-job.yaml index c9ba937..e1ad9cf 100644 --- a/charts/example-hasura/templates/hasura-migrations-job.yaml +++ b/helm/templates/hasura-migrations-job.yaml @@ -10,11 +10,14 @@ spec: metadata: annotations: sidecar.istio.io/inject: "false" + argocd.argoproj.io/hook: PostSync spec: serviceAccountName: {{ .Values.service.name }}-cli + imagePullSecrets: + - name: ghcr initContainers: - name: wait-for-resources - image: bitnami/kubectl:1.21 + image: bitnami/kubectl:1.24 command: [ 'sh', '-c', @@ -26,7 +29,15 @@ spec: env: - name: HASURA_GRAPHQL_ENDPOINT value: http://example-hasura.{{ .Release.Namespace }}.svc.cluster.local +{{- if .Values.localDev }} - name: HASURA_GRAPHQL_ADMIN_SECRET - value: af18a72fc1eb42a78aa8c6d679b4842a + value: "af18a72fc1eb42a78aa8c6d679b4842a" +{{- else }} + - name: HASURA_GRAPHQL_ADMIN_SECRET + valueFrom: + secretKeyRef: + name: example-hasura + key: adminSecret +{{- end }} restartPolicy: Never {{- end }} \ No newline at end of file diff --git a/charts/example-hasura/templates/hasura-psql.yaml b/helm/templates/hasura-psql.yaml similarity index 94% rename from charts/example-hasura/templates/hasura-psql.yaml rename to helm/templates/hasura-psql.yaml index e940dc9..89601a5 100644 --- a/charts/example-hasura/templates/hasura-psql.yaml +++ b/helm/templates/hasura-psql.yaml @@ -2,6 +2,8 @@ apiVersion: "acid.zalan.do/v1" kind: postgresql metadata: name: example-hasura-metadata-postgresql + annotations: + argocd.argoproj.io/sync-wave: "-1" spec: teamId: example 
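Review bot: The added `argocd.argoproj.io/hook: PostSync` annotation in `hasura-migrations-job.yaml` sits beside `sidecar.istio.io/inject`, which from the hunk context (`spec:` then `metadata:`) looks like the pod template's metadata rather than the Job's own. Argo CD reads hook annotations from the resource's top-level `metadata.annotations`, so if the placement is as it appears, the Job is synced as an ordinary resource and the migration is not ordered after the service. Indentation is not recoverable in this view and the Job header is outside the hunk, so please confirm. `imagePullSecrets` names a Secret `ghcr` that nothing in this commit creates, so it has to exist already in every target namespace, preview namespaces included.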
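Review bot: The `localDev` branch in the second hunk of `hasura-migrations-job.yaml` keeps the admin secret as a literal in the template, and it is the same value `ksvc.yaml` used for every environment before this commit. Because that value is already in the repository history, the `adminSecret` stored behind the `example-hasura` Secret should be newly generated rather than the old literal. The local branch would be safer reading `secretKeyRef` as well, so the template carries no credential at all and the `if`/`else` disappears. The container spec starts above the hunk, so the image that receives this variable is not visible here.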
@@ -35,7 +37,7 @@ spec: {{- end }} postgresql: - version: "13" + version: "14" parameters: {{ toYaml .Values.hasura.psql.parameters | indent 6 }} diff --git a/charts/example-hasura/templates/ksvc.yaml b/helm/templates/ksvc.yaml similarity index 51% rename from charts/example-hasura/templates/ksvc.yaml rename to helm/templates/ksvc.yaml index 34cdcef..b63758a 100644 --- a/charts/example-hasura/templates/ksvc.yaml +++ b/helm/templates/ksvc.yaml @@ -1,4 +1,3 @@ -{{- if .Values.knativeDeploy }} apiVersion: serving.knative.dev/v1 kind: Service metadata: @@ -6,6 +5,7 @@ metadata: labels: chart: "{{ .Chart.Name }}-{{ .Chart.Version | replace "+" "_" }}" annotations: + argocd.argoproj.io/sync-wave: "0" {{- if .Values.knative.subdomain }} custom-hostname: {{ .Values.knative.subdomain }} {{- end }} @@ -16,11 +16,26 @@ spec: autoscaling.knative.dev/minScale: {{ .Values.knative.minScale | quote }} autoscaling.knative.dev/maxScale: {{ .Values.knative.maxScale | quote }} spec: + # affinity: + # podAntiAffinity: + # preferredDuringSchedulingIgnoredDuringExecution: + # - podAffinityTerm: + # labelSelector: + # matchExpressions: + # - key: serving.knative.dev/service + # operator: In + # values: + # - {{ .Values.service.name }} + # topologyKey: failure-domain.beta.kubernetes.io/zone + # weight: 100 containers: - - image: hasura/graphql-engine:v2.0.10 + - image: hasura/graphql-engine:v2.14.0 ports: - containerPort: {{ .Values.service.internalPort }} + protocol: TCP env: + + # metadata db - name: METADATA_POSTGRES_USERNAME valueFrom: secretKeyRef: @@ -39,6 +54,8 @@ spec: value: "5432" - name: HASURA_GRAPHQL_METADATA_DATABASE_URL value: postgres://$(METADATA_POSTGRES_USERNAME):$(METADATA_POSTGRES_PASSWORD)@$(METADATA_POSTGRES_HOST):$(METADATA_POSTGRES_PORT)/$(METADATA_POSTGRES_DATABASE) + + # ReadModel / default db - name: READMODEL_POSTGRES_USERNAME valueFrom: secretKeyRef: 
@@ -57,6 +74,50 @@ spec: value: "5432" - name: HASURA_GRAPHQL_DATABASE_URL value: postgres://$(READMODEL_POSTGRES_USERNAME):$(READMODEL_POSTGRES_PASSWORD)@$(READMODEL_POSTGRES_HOST):$(READMODEL_POSTGRES_PORT)/$(READMODEL_POSTGRES_DATABASE) + + + # sourced db + - name: SOURCED_POSTGRES_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.sourced.psql.username }}.{{ .Values.sourced.psql.name }}.credentials.postgresql.acid.zalan.do + key: username + - name: SOURCED_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.sourced.psql.username }}.{{ .Values.sourced.psql.name }}.credentials.postgresql.acid.zalan.do + key: password + - name: SOURCED_POSTGRES_DATABASE + value: {{ .Values.sourced.psql.database }} + - name: SOURCED_POSTGRES_HOST + value: {{ .Values.sourced.psql.hostname.write }}.{{ .Release.Namespace }}.svc.cluster.local + - name: SOURCED_POSTGRES_PORT + value: "5432" + - name: SOURCED_DATABASE_URL + value: postgres://$(SOURCED_POSTGRES_USERNAME):$(SOURCED_POSTGRES_PASSWORD)@$(SOURCED_POSTGRES_HOST):$(SOURCED_POSTGRES_PORT)/$(SOURCED_POSTGRES_DATABASE) + + + # web3auth db + - name: WEB3AUTH_POSTGRES_USERNAME + valueFrom: + secretKeyRef: + name: {{ .Values.web3auth.psql.username }}.{{ .Values.web3auth.psql.name }}.credentials.postgresql.acid.zalan.do + key: username + - name: WEB3AUTH_POSTGRES_PASSWORD + valueFrom: + secretKeyRef: + name: {{ .Values.web3auth.psql.username }}.{{ .Values.web3auth.psql.name }}.credentials.postgresql.acid.zalan.do + key: password + - name: WEB3AUTH_POSTGRES_DATABASE + value: {{ .Values.web3auth.psql.database }} + - name: WEB3AUTH_POSTGRES_HOST + value: {{ .Values.web3auth.psql.hostname.write }}.{{ .Release.Namespace }}.svc.cluster.local + - name: WEB3AUTH_POSTGRES_PORT + value: "5432" + - name: WEB3AUTH_DATABASE_URL + value: postgres://$(WEB3AUTH_POSTGRES_USERNAME):$(WEB3AUTH_POSTGRES_PASSWORD)@$(WEB3AUTH_POSTGRES_HOST):$(WEB3AUTH_POSTGRES_PORT)/$(WEB3AUTH_POSTGRES_DATABASE) + + ## enable the console served by 
server - need to run `hasura console` to access instead - name: HASURA_GRAPHQL_ENABLE_CONSOLE value: "false" @@ -65,10 +126,31 @@ spec: value: {{ .Values.hasura.devMode | quote }} - name: HASURA_GRAPHQL_CORS_DOMAIN value: '*' + - name: HASURA_GRAPHQL_UNAUTHORIZED_ROLE + value: anonymous + - name: HASURA_GRAPHQL_ADMIN_SECRET - value: af18a72fc1eb42a78aa8c6d679b4842a + valueFrom: + secretKeyRef: + name: example-hasura + key: adminSecret - name: HASURA_GRAPHQL_JWT_SECRET - value: '{"type":"HS256", "key": "a114d68b22894049a7c2203a7228fdcde922a1210675427795b7bf9a0317e16d"}' + valueFrom: + secretKeyRef: + name: example-hasura + key: jwtSecret +{{- if .Values.local }} + - name: EXAMPLE_TODO_MODEL + value: host.docker.internal:5002 + - name: EXAMPLE_POLICY_SERVICE + value: host.docker.internal:5020 +{{- else }} + - name: EXAMPLE_TODO_MODEL + value: example-todo-model-service.{{ .Release.Namespace }}.svc.cluster.local + - name: EXAMPLE_POLICY_SERVICE + value: example-policy-service.{{ .Release.Namespace }}.svc.cluster.local +{{- end }} + {{- range $pkey, $pval := .Values.env }} - name: {{ $pkey }} value: {{ quote $pval }} @@ -81,4 +163,3 @@ spec: # path: {{ .Values.livenessProbe.probePath | default .Values.probePath }} resources: {{ toYaml .Values.resources | indent 10 }} -{{- end }} \ No newline at end of file diff --git a/charts/example-hasura/values.yaml b/helm/values.yaml similarity index 70% rename from charts/example-hasura/values.yaml rename to helm/values.yaml index 636ad6a..3b13e44 100755 --- a/charts/example-hasura/values.yaml +++ b/helm/values.yaml @@ -2,18 +2,19 @@ # This is a YAML-formatted file. # Declare variables to be passed into your templates. image: - repository: draft - tag: dev + repository: ghcr.io/cloudnativeentrepreneur/example-hasura + tag: latest pullPolicy: IfNotPresent # define environment variables here as a map of key: value env: -knativeDeploy: true knative: minScale: 1 maxScale: 3 +local: false + runMigrations: true runSeeds: false 
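Review bot: In the `@@ -65,10 +126,31 @@` hunk of `ksvc.yaml`, `HASURA_GRAPHQL_UNAUTHORIZED_ROLE: anonymous` is added directly under the existing `HASURA_GRAPHQL_CORS_DOMAIN: '*'`, so requests without a token are served with whatever the `anonymous` role is granted in metadata, from pages on any origin. That leaves the role's permissions as the only control on public data; taking the CORS domain from a chart value set to the known front-end origins would narrow browser access. Moving `HASURA_GRAPHQL_ADMIN_SECRET` and `HASURA_GRAPHQL_JWT_SECRET` to `secretKeyRef` is the right direction, but both previous literals stay in the repository history and the HS256 key is enough to sign tokens, so both must be rotated rather than copied into the new Secret. This hunk branches on `.Values.local` while other templates in the commit test `.Values.localDev`.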
@@ -37,7 +38,7 @@ readinessProbe: resources: limits: - cpu: '1' + cpu: "1" memory: 1Gi requests: cpu: 200m @@ -48,10 +49,15 @@ hasura: psql: name: example-hasura-metadata-postgresql database: metadata - username: metadata + username: postgres + hostname: + write: example-hasura-metadata-postgresql + read: example-hasura-metadata-postgresql-repl + pool: example-hasura-metadata-db-pgpool numberOfInstances: 1 enableLogicalBackup: false enableShmVolume: true + # we're using pgpool instead of pgbouncer with zalando pgo - so, we already have a connection pooler - don't enable. enableConnectionPooler: false enableReplicaConnectionPooler: false connectionPooler: @@ -99,7 +105,28 @@ readmodel: psql: name: example-readmodel-postgresql database: readmodel - username: readmodel - hostname: + username: postgres + hostname: write: example-readmodel-postgresql read: example-readmodel-postgresql-repl + pool: example-readmodel-pgpool + +sourced: + psql: + name: example-sourced-db-postgresql + database: sourced + username: postgres + hostname: + write: example-sourced-db-postgresql + read: example-sourced-db-postgresql-repl + pool: example-sourced-db-pgpool + +web3auth: + psql: + name: web3auth-db-postgresql + database: web3auth + username: postgres + hostname: + write: web3auth-db-postgresql + read: web3auth-db-postgresql-repl + pool: web3auth-db-pgpool diff --git a/metadata/actions.yaml b/metadata/actions.yaml index b55a6db..1cacef3 100644 --- a/metadata/actions.yaml +++ b/metadata/actions.yaml 
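Review bot: The last hunk of `helm/values.yaml` sets `username: postgres` for `readmodel`, `sourced` and `web3auth`, and the `@@ -48,10 +49,15 @@` hunk does the same for the Hasura metadata database, so the GraphQL engine connects to all four databases as what is normally the PostgreSQL superuser role. A dedicated role per database, limited to the schemas Hasura tracks, keeps a leaked admin secret or a permissive metadata change from becoming full control of the database servers, including the one holding `refresh_tokens`. The first hunk of the file also changes the default to `tag: latest`; a mutable default tag means a sync can pull a different image from the one that was reviewed, so an immutable tag or digest set by the promote step is preferable.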
@@ -2,25 +2,25 @@ actions: - name: command_todo_complete definition: kind: synchronous - handler: http://host.docker.internal:5002/todo.complete + handler: http://{{EXAMPLE_TODO_MODEL}}/todo.complete permissions: - role: user - name: command_todo_initialize definition: kind: synchronous - handler: http://host.docker.internal:5002/todo.initialize + handler: http://{{EXAMPLE_TODO_MODEL}}/todo.initialize permissions: - role: user - name: command_todo_remove definition: kind: synchronous - handler: http://host.docker.internal:5002/todo.remove + handler: http://{{EXAMPLE_TODO_MODEL}}/todo.remove permissions: - role: user - name: command_todo_reopen definition: kind: synchronous - handler: http://host.docker.internal:5002/todo.reopen + handler: http://{{EXAMPLE_TODO_MODEL}}/todo.reopen permissions: - role: user custom_types: diff --git a/metadata/databases/databases.yaml b/metadata/databases/databases.yaml index 65a11b2..5c9f4ff 100644 --- a/metadata/databases/databases.yaml +++ b/metadata/databases/databases.yaml @@ -12,3 +12,21 @@ retries: 1 use_prepared_statements: true tables: "!include default/tables/tables.yaml" +- name: sourced + kind: postgres + configuration: + connection_info: + database_url: + from_env: SOURCED_DATABASE_URL + isolation_level: read-committed + use_prepared_statements: false + tables: "!include sourced/tables/tables.yaml" +- name: web3auth + kind: postgres + configuration: + connection_info: + database_url: + from_env: WEB3AUTH_DATABASE_URL + isolation_level: read-committed + use_prepared_statements: false + tables: "!include web3auth/tables/tables.yaml" diff --git a/metadata/databases/default/tables/public_todos.yaml b/metadata/databases/default/tables/public_todos.yaml index 9d8e240..d672b25 100644 --- a/metadata/databases/default/tables/public_todos.yaml +++ b/metadata/databases/default/tables/public_todos.yaml 
@@ -1,6 +1,10 @@ table: name: todos schema: public +object_relationships: +- name: web3auth_user + using: + foreign_key_constraint_on: address select_permissions: - permission: allow_aggregations: true @@ -14,4 +18,5 @@ select_permissions: filter: address: _eq: X-Hasura-User-Id + limit: 25 role: user diff --git a/metadata/databases/default/tables/public_web3auth_users.yaml b/metadata/databases/default/tables/public_web3auth_users.yaml new file mode 100644 index 0000000..0881298 --- /dev/null +++ b/metadata/databases/default/tables/public_web3auth_users.yaml @@ -0,0 +1,18 @@ +table: + name: web3auth_users + schema: public +select_permissions: +- permission: + columns: + - address + - username + filter: {} + limit: 25 + role: anonymous +- permission: + columns: + - address + - username + filter: {} + limit: 25 + role: user diff --git a/metadata/databases/default/tables/tables.yaml b/metadata/databases/default/tables/tables.yaml index 467d14a..50babde 100644 --- a/metadata/databases/default/tables/tables.yaml +++ b/metadata/databases/default/tables/tables.yaml @@ -1 +1,2 @@ - "!include public_todos.yaml" +- "!include public_web3auth_users.yaml" \ No newline at end of file diff --git a/metadata/databases/sourced/tables/public_event.yaml b/metadata/databases/sourced/tables/public_event.yaml new file mode 100644 index 0000000..45c9339 --- /dev/null +++ b/metadata/databases/sourced/tables/public_event.yaml @@ -0,0 +1,3 @@ +table: + name: event + schema: public diff --git a/metadata/databases/sourced/tables/tables.yaml b/metadata/databases/sourced/tables/tables.yaml new file mode 100644 index 0000000..5aedb29 --- /dev/null +++ b/metadata/databases/sourced/tables/tables.yaml @@ -0,0 +1 @@ +- "!include public_event.yaml" diff --git a/metadata/databases/web3auth/tables/public_refresh_tokens.yaml b/metadata/databases/web3auth/tables/public_refresh_tokens.yaml new file mode 100644 index 0000000..a7cd547 --- /dev/null 
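Review bot: `public_web3auth_users.yaml` grants the `anonymous` role a select permission with `filter: {}` on `address` and `username`, so every user's wallet address and username can be read without authentication. `limit: 25` caps a single response, not the total, so the whole table can still be paged through. If the front end only needs usernames for rows the caller already owns, drop the `anonymous` entry and give the `user` role a filter such as `address: {_eq: X-Hasura-User-Id}`, as `public_todos.yaml` does. The new `web3auth_user` relationship in `public_todos.yaml` makes the same rows reachable through `todos` for the `user` role.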
+++ b/metadata/databases/web3auth/tables/public_refresh_tokens.yaml
@@ -0,0 +1,7 @@
+table:
+ name: refresh_tokens
+ schema: public
+object_relationships:
+- name: user
+ using:
+ foreign_key_constraint_on: address
diff --git a/metadata/databases/web3auth/tables/public_users.yaml b/metadata/databases/web3auth/tables/public_users.yaml
new file mode 100644
index 0000000..7bf39e4
--- /dev/null
+++ b/metadata/databases/web3auth/tables/public_users.yaml
@@ -0,0 +1,11 @@
+table:
+ name: users
+ schema: public
+array_relationships:
+- name: refresh_tokens
+ using:
+ foreign_key_constraint_on:
+ column: address
+ table:
+ name: refresh_tokens
+ schema: public
diff --git a/metadata/databases/web3auth/tables/tables.yaml b/metadata/databases/web3auth/tables/tables.yaml
new file mode 100644
index 0000000..24715dc
--- /dev/null
+++ b/metadata/databases/web3auth/tables/tables.yaml
@@ -0,0 +1,2 @@
+- "!include public_refresh_tokens.yaml"
+- "!include public_users.yaml"
diff --git a/preview/Kptfile b/preview/Kptfile
deleted file mode 100644
index ac0f2f1..0000000
--- a/preview/Kptfile
+++ /dev/null
@@ -1,11 +0,0 @@
-apiVersion: kpt.dev/v1alpha1
-kind: Kptfile
-metadata:
- name: preview
-upstream:
- type: git
- git:
- commit: 1064367e5df53ed8c0c00998fd6fe89a2b9100ce
- repo: https://github.com/jenkins-x/jx3-pipeline-catalog
- directory: /helm/preview
- ref: master
diff --git a/preview/helm/Chart.yaml b/preview/helm/Chart.yaml
new file mode 100644
index 0000000..7587cda
--- /dev/null
+++ b/preview/helm/Chart.yaml
@@ -0,0 +1,6 @@
+# Helm chart.yaml
+apiVersion: v1
+appVersion: "1.0"
+description: A Helm chart for Kubernetes
+name: example-hasura
+version: 1.0.0
diff --git a/preview/helm/templates/application.yaml b/preview/helm/templates/application.yaml
new file mode 100644
index 0000000..5196775
--- /dev/null
+++ b/preview/helm/templates/application.yaml
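Review bot: `public_refresh_tokens.yaml` tracks the `refresh_tokens` table of the `web3auth` source in Hasura. No permissions are defined, so only requests carrying the admin secret can query it, but tracking it still makes every stored token row readable and writable through the GraphQL API to anyone who obtains that secret, and a single added `select_permissions` entry would expose it to a role. Unless something queries tokens through Hasura, leaving this table and the `refresh_tokens` array relationship in `public_users.yaml` untracked is the smaller surface. Whether the table stores raw tokens or hashes is not visible in this diff.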
@@ -0,0 +1,25 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ .Values.name }}-{{ .Values.pr }}-preview-app
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: {{ .Values.project }}
+ source:
+ path: helm
+ repoURL: https://github.com/{{ .Values.repository }}.git
+ targetRevision: {{ .Values.headRef }}
+ helm:
+ version: v3
+ values: |
+ image:
+ tag: {{ .Values.tag }}
+ destination:
+ namespace: {{ .Values.name }}-{{ .Values.pr }}-preview
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
diff --git a/preview/helm/templates/environment.yaml b/preview/helm/templates/environment.yaml
new file mode 100644
index 0000000..abc6aea
--- /dev/null
+++ b/preview/helm/templates/environment.yaml
@@ -0,0 +1,24 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ .Values.name }}-{{ .Values.pr }}-preview-environment
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+ annotations:
+ argocd.argoproj.io/sync-wave: "-1"
+spec:
+ project: example-preview-envs
+ source:
+ path: helm
+ repoURL: https://github.com/cloudnativeentrepreneur/environment.git
+ targetRevision: v0.4.0
+ helm:
+ version: v3
+ destination:
+ namespace: {{ .Values.name }}-{{ .Values.pr }}-preview
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
\ No newline at end of file
diff --git a/preview/helm/values.yaml b/preview/helm/values.yaml
new file mode 100644
index 0000000..e576bb1
--- /dev/null
+++ b/preview/helm/values.yaml
@@ -0,0 +1,6 @@
+name: example-hasura
+pr: pr-0
+headRef: HEAD
+tag: latest
+repository: CloudNativeEntrepreneur/example-hasura
+project: dev
\ No newline at end of file
diff --git a/preview/helmfile.yaml b/preview/helmfile.yaml
deleted file mode 100644
index eed56b0..0000000
--- a/preview/helmfile.yaml
+++ /dev/null
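Review bot: `preview/helm/templates/application.yaml` points `targetRevision` at `{{ .Values.headRef }}` with `path: helm`, so the Helm templates Argo CD renders and applies for a preview come from the pull request branch itself, under `automated` sync with `prune: true`. What a pull request can create in the cluster is therefore bounded only by the AppProject named in `.Values.project`; that project is not part of this diff, so please confirm it restricts destinations to the preview namespaces and denies cluster-scoped resources. The templated scalars are unquoted; `targetRevision: {{ .Values.headRef | quote }}` and `tag: {{ .Values.tag | quote }}` keep a numeric-looking branch name or tag from being retyped by YAML. `environment.yaml` hard-codes `project: example-preview-envs` while this file takes the project from values, whose default is `dev`.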
@@ -1,59 +0,0 @@ -environments: - default: - values: - - jx-values.yaml -repositories: -- name: jx3 - url: https://jenkins-x-charts.github.io/repo -- name: cne - url: https://cloudnativeentrepreneur.github.io/helm-charts/ -releases: -- chart: jx3/jx-verify - name: jx-verify - namespace: '{{ requiredEnv "PREVIEW_NAMESPACE" }}' - values: - - values.verify.yaml -- chart: cne/example-readmodel - name: example-readmodel - version: 0.0.1 - wait: true - namespace: '{{ requiredEnv "PREVIEW_NAMESPACE" }}' - values: - - jx-values.yaml -- chart: cne/sourced-psql-event-store - name: sourced-psql-event-store - version: 0.0.1 - wait: true - namespace: '{{ requiredEnv "PREVIEW_NAMESPACE" }}' - values: - - jx-values.yaml -- chart: '../charts/{{ requiredEnv "APP_NAME" }}' - name: preview - wait: true - createNamespace: true - namespace: '{{ requiredEnv "PREVIEW_NAMESPACE" }}' - values: - - jx-values.yaml - - values.preview.yaml - - values.yaml.gotmpl - hooks: - - events: ["presync"] - showlogs: true - command: "jx" - args: - - secret - - copy - - --create-namespace - - --selector - - "secret.jenkins-x.io/replica-source=true" - - --to - - '{{ requiredEnv "PREVIEW_NAMESPACE" }}' - - events: ["presync"] - showlogs: true - command: "kubectl" - args: - - label - - namespace - - '{{ requiredEnv "PREVIEW_NAMESPACE" }}' - - istio-injection=enabled - - --overwrite=true diff --git a/preview/values.preview.yaml b/preview/values.preview.yaml deleted file mode 100644 index 14eed73..0000000 --- a/preview/values.preview.yaml +++ /dev/null @@ -1,2 +0,0 @@ -env: -vaultRole: jx-vault diff --git a/preview/values.verify.yaml b/preview/values.verify.yaml deleted file mode 100644 index 1d7e3c2..0000000 --- a/preview/values.verify.yaml +++ /dev/null @@ -1,3 +0,0 @@ -verifyJob: - podAnnotations: - sidecar.istio.io/inject: "false" diff --git a/preview/values.yaml.gotmpl b/preview/values.yaml.gotmpl deleted file mode 100644 index 4e4cabc..0000000 --- a/preview/values.yaml.gotmpl +++ /dev/null 
@@ -1,11 +0,0 @@
-jxRequirements:
- ingress:
- namespaceSubDomain: "-pr{{ requiredEnv "PULL_NUMBER" }}."
-
-image:
- repository: "{{ requiredEnv "DOCKER_REGISTRY" }}/{{ requiredEnv "DOCKER_REGISTRY_ORG" }}/{{ requiredEnv "APP_NAME" }}"
- tag: "{{ requiredEnv "VERSION" }}"
- pullPolicy: "Always"
-
-knative:
- subdomain: "{{ requiredEnv "APP_NAME" }}-pr-{{ requiredEnv "PULL_NUMBER" }}"
\ No newline at end of file
diff --git a/promote/helm/Chart.yaml b/promote/helm/Chart.yaml
new file mode 100644
index 0000000..924155e
--- /dev/null
+++ b/promote/helm/Chart.yaml
@@ -0,0 +1,6 @@
+# Helm chart.yaml
+apiVersion: v1
+appVersion: "1.0"
+description: Config to promote
+name: example-hasura-promote
+version: v0.0.0-dev
diff --git a/promote/helm/templates/application.yaml b/promote/helm/templates/application.yaml
new file mode 100644
index 0000000..0459ca5
--- /dev/null
+++ b/promote/helm/templates/application.yaml
@@ -0,0 +1,26 @@
+apiVersion: argoproj.io/v1alpha1
+kind: Application
+metadata:
+ name: {{ .Values.name }}
+ namespace: argocd
+ finalizers:
+ - resources-finalizer.argocd.argoproj.io
+spec:
+ project: {{ .Values.project }}
+ source:
+ path: helm
+ repoURL: https://github.com/{{ .Values.repository }}.git
+ targetRevision: {{ .Values.version }}
+ helm:
+ version: v3
+{{- if .Values.values }}
+ values: |
+ {{ .Values.values | nindent 8 }}
+{{- end }}
+ destination:
+ namespace: {{ .Values.project }}
+ server: https://kubernetes.default.svc
+ syncPolicy:
+ automated:
+ selfHeal: true
+ prune: true
diff --git a/promote/helm/values.yaml b/promote/helm/values.yaml
new file mode 100644
index 0000000..1c04e21
--- /dev/null
+++ b/promote/helm/values.yaml
@@ -0,0 +1,5 @@
+name: example-hasura
+version: HEAD
+project: dev
+repository: CloudNativeEntrepreneur/example-hasura
+values: ""
\ No newline at end of file
diff --git a/renovate.json b/renovate.json
index 872f5da..2236ea0 100644
--- a/renovate.json
+++ b/renovate.json
@@ -1,6 +1,9 @@ { "extends": ["config:base"], - "prConcurrentLimit": 0, - "prHourlyLimit": 0, - "rebaseWhen": "behind-base-branch" + "argocd": { + "fileMatch": [ + "preview/helm/templates/.+\\.yaml$", + "promote/helm/templates/.+\\.yaml$" + ] + } }