Add argocd manifest to install the postgresql chart

[cmoulliard]

Add argocd manifest to install the postgresql chart when user selects postgresql db and deploy the hlme under the app namespace

[cmoulliard]

Test with commit 1711f157d30ec0a3cf75c5912e4542a0877dbc5d is working as we got such an argocd file created:

apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-quarkus-app-db
  namespace: openshift-gitops
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: qshift
  source:
    chart: bitnami/postgresql
    repoURL: https://charts.bitnami.com/bitnami
    targetRevision: 11.9.13
    helm:
      values: |
        auth.username: 
        auth.password: 
        auth.database: quarkus-jdbc-postgresql
  syncPolicy:
    automated:
      prune: true
      selfHeal: false
    syncOptions:
      - CreateNamespace=true
      - RespectIgnoreDifferences=true
      - ApplyOutOfSyncOnly=true

TODOs:

• [x] We should fix the issue about missing parameters non passed: username and password
• [x] helm template is not found by argocd (FIXED)
• [x] Pod cannot be created on ocp due to

  create Pod my-quarkus-app-db-postgresql-0 in StatefulSet my-quarkus-app-db-postgresql failed error: 
  pods "my-quarkus-app-db-postgresql-0" is forbidden: 
  unable to validate against any security context constraint: 
  [provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "pipelines-scc": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{1001}: 1001 is not an allowed group, provider restricted-v2: .containers[0].runAsUser: Invalid value: 1001: must be in the ranges: [1000850000, 1000859999], 

  

[cmoulliard]

Another issue reported during installation of the Deployment resource

one or more objects failed to apply, reason: Deployment.apps "my-quarkus-app-deploy-quarkus-deploy" is invalid: metadata.annotations: Invalid value: "app.openshift.io/vcs-uri:https://github.com/ch007m/my-quarkus-app.gitapp.quarkus.io/quarkus-version": a qualified name must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')

The CR was not added by helm during processing of

{{- define "quarkus-template.annotations" -}}
app.openshift.io/vcs-uri: {{- printf "https://%s/%s/%s.git" .Values.git.repo .Values.git.org .Values.git.name -}}
app.quarkus.io/quarkus-version: 3.7.1
{{- end }}

==>

annotations:
    'app.openshift.io/vcs-uri:https://github.com/ch007m/my-quarkus-app.gitapp.quarkus.io/quarkus-version': 3.7.1

[cmoulliard]

This PR works except the authentication but I suspect an issue if the PVC is not deleted and recreated

[cmoulliard]

Template + helm chart + application.properties is using now the Helm postgresql generated password => secret I did a new end to end test and it works Can you review please ? @iocanel

[cmoulliard]

Adding credentials into files that are checked into source control is not an acceptable approach. The charts do generate a secret with credentials inside it. We should pass the generated secret using something like:

This is also what I'm doing. The secret is generated by the helm chart, stored in a secret and secret mounted within the deployment => https://github.com/q-shift/qshift-templates/blob/32e85126d8fbe03e3e85f9d0fc5a04b8a69fc620/qshift/templates/quarkus-application/manifests/helm/deploy/templates/deployment.yaml#L38-L42

@iocanel

[cmoulliard]

I think that we should be good now :-) @iocanel