Closed cmoulliard closed 5 months ago
Test with commit 1711f157d30ec0a3cf75c5912e4542a0877dbc5d is working as we got such an argocd file created:
```yaml
apiVersion: argoproj.io/v1alpha1
kind: Application
metadata:
  name: my-quarkus-app-db
  namespace: openshift-gitops
  finalizers:
    - resources-finalizer.argocd.argoproj.io
spec:
  project: default
  destination:
    server: https://kubernetes.default.svc
    namespace: qshift
  source:
    chart: bitnami/postgresql
    repoURL: https://charts.bitnami.com/bitnami
    targetRevision: 11.9.13
    helm:
      values: |
        auth.username:
        auth.password:
        auth.database: quarkus-jdbc-postgresql
  syncPolicy:
    automated:
      prune: true
      selfHeal: false
    syncOptions:
      - CreateNamespace=true
      - RespectIgnoreDifferences=true
      - ApplyOutOfSyncOnly=true
```
TODOs:
```
create Pod my-quarkus-app-db-postgresql-0 in StatefulSet my-quarkus-app-db-postgresql failed error:
pods "my-quarkus-app-db-postgresql-0" is forbidden:
unable to validate against any security context constraint:
[provider "anyuid": Forbidden: not usable by user or serviceaccount, provider "pipelines-scc": Forbidden: not usable by user or serviceaccount, provider restricted-v2: .spec.securityContext.fsGroup: Invalid value: []int64{1001}: 1001 is not an allowed group, provider restricted-v2: .containers[0].runAsUser: Invalid value: 1001: must be in the ranges: [1000850000, 1000859999],
```
Another issue reported during installation of the Deployment resource
```
one or more objects failed to apply, reason: Deployment.apps "my-quarkus-app-deploy-quarkus-deploy" is invalid: metadata.annotations: Invalid value: "app.openshift.io/vcs-uri:https://github.com/ch007m/my-quarkus-app.gitapp.quarkus.io/quarkus-version": a qualified name must consist of alphanumeric characters, '-', '_' or '.', and must start and end with an alphanumeric character (e.g. 'MyName', or 'my.name', or '123-abc', regex used for validation is '([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]') with an optional DNS subdomain prefix and '/' (e.g. 'example.com/MyName')
```
The CR was not added by helm during processing of
```yaml
{{- define "quarkus-template.annotations" -}}
app.openshift.io/vcs-uri: {{- printf "https://%s/%s/%s.git" .Values.git.repo .Values.git.org .Values.git.name -}}
app.quarkus.io/quarkus-version: 3.7.1
{{- end }}
```

==>

```yaml
annotations:
  'app.openshift.io/vcs-uri:https://github.com/ch007m/my-quarkus-app.gitapp.quarkus.io/quarkus-version': 3.7.1
```
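Added example, not part of the thread or of the q-shift templates: a Go `text/template` program (Helm templates use the same engine) that renders the posted template with the values visible in the error, shows how the `{{-` and `-}}` trim markers merge the two annotations into one invalid key, and compares it with an assumed correction that drops both markers. The `render` and `invalidKeys` helpers are hypothetical names, and the key check covers only the slash count and the name regex quoted in the API error.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
	"text/template"
)

// Template as posted: "{{-" eats the space after the colon, "-}}" the newline.
const broken = `app.openshift.io/vcs-uri: {{- printf "https://%s/%s/%s.git" .Values.git.repo .Values.git.org .Values.git.name -}}
app.quarkus.io/quarkus-version: 3.7.1`

// Assumed correction (not taken from the PR): drop both trim markers.
var fixed = strings.NewReplacer("{{- ", "{{ ", " -}}", " }}").Replace(broken)

// Name part of a qualified name, regex as quoted in the API server error.
var nameRe = regexp.MustCompile(`^([A-Za-z0-9][-A-Za-z0-9_.]*)?[A-Za-z0-9]$`)

// render executes src with the git values visible in the thread's output.
func render(src string) string {
	vals := map[string]any{"git": map[string]any{
		"repo": "github.com", "org": "ch007m", "name": "my-quarkus-app"}}
	var b strings.Builder
	t := template.Must(template.New("annotations").Parse(src))
	if err := t.Execute(&b, map[string]any{"Values": vals}); err != nil {
		panic(err)
	}
	return b.String()
}

// invalidKeys lists annotation keys that contain more than one "/" or whose
// name part fails nameRe; prefix and length rules are not checked here.
func invalidKeys(rendered string) []string {
	var bad []string
	for _, line := range strings.Split(rendered, "\n") {
		key, _, ok := strings.Cut(line, ": ") // YAML key/value separator
		parts := strings.Split(key, "/")
		if ok && (len(parts) > 2 || !nameRe.MatchString(parts[len(parts)-1])) {
			bad = append(bad, key)
		}
	}
	return bad
}

func main() {
	for _, src := range []string{broken, fixed} {
		out := render(src)
		fmt.Printf("%s\n  invalid keys: %q\n", out, invalidKeys(out))
	}
}
```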
This PR works except the authentication but I suspect an issue if the PVC is not deleted and recreated
Template + helm chart + application.properties is using now the Helm postgresql generated password => secret. I did a new end to end test and it works. Can you review please? @iocanel
Adding credentials into files that are checked into source control is not an acceptable approach. The charts do generate a secret with credentials inside it. We should pass the generated secret using something like:
This is also what I'm doing. The secret is generated by the helm chart, stored in a secret and secret mounted within the deployment => https://github.com/q-shift/qshift-templates/blob/32e85126d8fbe03e3e85f9d0fc5a04b8a69fc620/qshift/templates/quarkus-application/manifests/helm/deploy/templates/deployment.yaml#L38-L42
@iocanel
I think that we should be good now :-) @iocanel
Add argocd manifest to install the postgresql chart when user selects postgresql db and deploy the helm under the app namespace