add SSO database as a separate helm release

6e3db1d7 · Maarten de Waard · e5aa3ae7 · 6e3db1d7 · 6e3db1d7 · 6e3db1d7
Verified Commit 6e3db1d7 authored 3 years ago by Maarten de Waard
--- a/flux2/cluster/base/single-sign-on.yaml
+++ b/flux2/cluster/base/single-sign-on.yaml
@@ -22,6 +22,10 @@ spec:
      - kind: Secret
        name: stackspin-cluster-variables
  healthChecks:
+    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
+      kind: HelmRelease
+      name: single-sign-on-database
+      namespace: stackspin
    - apiVersion: helm.toolkit.fluxcd.io/v2beta1
      kind: HelmRelease
      name: single-sign-on

--- a/flux2/core/base/single-sign-on/release.yaml
+++ b/flux2/core/base/single-sign-on/release.yaml
@@ -7,11 +7,12 @@ spec:
  releaseName: single-sign-on
  dependsOn:
    - name: nginx
+    - name: single-sign-on-database
  chart:
    spec:
      # renovate: registryUrl=https://open.greenhost.net/api/v4/projects/8/packages/helm/stable
      chart: single-sign-on
-      version: 0.6.1
+      version: 0.7.0
      sourceRef:
        kind: HelmRepository
        name: single-sign-on

--- a/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
+++ b/flux2/core/base/single-sign-on/single-sign-on-values-configmap.yaml
@@ -11,20 +11,9 @@ data:
      user: ${admin_email}
      password: ${userbackend_admin_password}
      db:
+        uri: single-sign-on-database
        password: ${dashboard_postgresql_password}

-    postgresql:
-      persistence:
-        existingClaim: single-sign-on-database
-      initdbScripts:
-        setup.sql: |
-          CREATE USER hydra WITH PASSWORD '${hydra_postgresql_password}';
-          CREATE USER kratos WITH PASSWORD '${kratos_postgresql_password}';
-          CREATE USER stackspin WITH PASSWORD '${dashboard_postgresql_password}';
-          CREATE DATABASE kratos WITH OWNER kratos;
-          CREATE DATABASE hydra WITH OWNER hydra;
-          CREATE DATABASE stackspin WITH OWNER stackspin;
-
    hydra-maester:
      # Watches the flux-system namespace because that is where the app
      # installation secrets live
@@ -44,7 +33,7 @@ data:
          secrets:
            system:
              - "${hydra_system_secret}"
-          dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-postgresql:5432/hydra"
+          dsn: "postgres://hydra:${hydra_postgresql_password}@single-sign-on-database-postgresql:5432/hydra"
      ingress:
        public:
          enabled: true
@@ -66,7 +55,7 @@ data:
    kratos:
      kratos:
        config:
-          dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-postgresql:5432/kratos"
+          dsn: "postgres://kratos:${kratos_postgresql_password}@single-sign-on-database-postgresql:5432/kratos"
          serve:
            public:
              base_url: https://sso.${domain}/api/

--- a/flux2/core/base/sources/single-sign-on.yaml
+++ b/flux2/core/base/sources/single-sign-on.yaml
@@ -8,4 +8,4 @@ spec:
  # The interval at which to check the upstream for updates
  interval: 1h
  # The repository URL, can be a HTTP/S or SSH address
-  url: https://open.greenhost.net/api/v4/projects/8/packages/helm/stable
+  url: https://open.greenhost.net/api/v4/projects/8/packages/helm/unstable