prepare multi-tenant postgres

Arlan Lloyd 2024-08-14 05:30:38 +00:00
parent 79d586dfca
commit 9657648e0d
3 changed files with 55 additions and 31 deletions


@ -47,7 +47,7 @@ extraObjects:
#RESOURCES
# meilisearch does not allow mapping their key in yet.
MEILI_MASTER_KEY: barkLike8SuperDucks
postgres_user: kyoo_back
postgres_user: kyoo_all
postgres_password: watchSomething4me
rabbitmq_user: kyoo_all
rabbitmq_password: youAreAmazing2


@ -50,19 +50,19 @@ spec:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: {{ .Values.global.postgres.kyoo_migrations.userKey }}
name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }}
key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.userKey }}
name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: {{ .Values.global.postgres.kyoo_migrations.passwordKey }}
name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }}
key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.passwordKey }}
name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }}
- name: POSTGRES_DB
value: {{ .Values.global.postgres.database }}
value: {{ .Values.global.postgres.kyoo_back.database }}
- name: POSTGRES_SERVER
value: {{ .Values.global.postgres.host }}
value: {{ .Values.global.postgres.kyoo_back.host }}
- name: POSTGRES_PORT
value: "{{ .Values.global.postgres.port }}"
value: "{{ .Values.global.postgres.kyoo_back.port }}"
{{- with .Values.back.extraInitContainers }}
{{- tpl (toYaml .) $ | nindent 6 }}
{{- end }}
@ -89,19 +89,19 @@ spec:
- name: POSTGRES_USER
valueFrom:
secretKeyRef:
key: {{ .Values.global.postgres.kyoo_back.userKey }}
name: {{ .Values.global.postgres.kyoo_back.existingSecret }}
key: {{ .Values.global.postgres.kyoo_back.kyoo_back.userKey }}
name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }}
- name: POSTGRES_PASSWORD
valueFrom:
secretKeyRef:
key: {{ .Values.global.postgres.kyoo_back.passwordKey }}
name: {{ .Values.global.postgres.kyoo_back.existingSecret }}
key: {{ .Values.global.postgres.kyoo_back.kyoo_back.passwordKey }}
name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }}
- name: POSTGRES_DB
value: {{ .Values.global.postgres.database }}
value: {{ .Values.global.postgres.kyoo_back.database }}
- name: POSTGRES_SERVER
value: {{ .Values.global.postgres.host }}
value: {{ .Values.global.postgres.kyoo_back.host }}
- name: POSTGRES_PORT
value: "{{ .Values.global.postgres.port }}"
value: "{{ .Values.global.postgres.kyoo_back.port }}"
- name: RABBITMQ_DEFAULT_USER
valueFrom:
secretKeyRef:
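Review bot: Moving the secret references one level down (for example `.Values.global.postgres.kyoo_back.existingSecret` to `.Values.global.postgres.kyoo_back.kyoo_back.existingSecret`, in both hunks of this file) means an existing override at the old path is silently ignored, and the pod falls back to the chart's default for the new path. Which printed line is old and which is new is inferred from the values file in this commit, where the per-database block carries the nested keys. Because a legacy key merges into the values map without error, a release that pointed at its own Secret would render cleanly and then read the default one; a guard such as `{{- if .Values.global.postgres.kyoo_migrations }}{{ fail "global.postgres.kyoo_migrations moved under global.postgres.kyoo_back" }}{{- end }}` near the top of the template would turn that into a visible upgrade error. The `POSTGRES_DB` and `POSTGRES_SERVER` values are also emitted unquoted while the port is quoted; `value: {{ .Values.global.postgres.kyoo_back.database | quote }}` keeps a numeric- or boolean-looking name a string. Both container specs continue outside the hunks.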


@ -22,23 +22,31 @@ global:
masterkeyKey: MEILI_MASTER_KEY
existingSecret: bigsecret
postgres:
host: kyoo-postgresql
port: 5432
database: kyoo_back
#infra is only used by subchart deployment
infra:
# admin user is postgres
# default user is the database name
passwordKey: postgres_password
existingSecret: bigsecret
kyoo_migrations:
userKey: postgres_user
user: kyoo_all
passwordKey: postgres_password
existingSecret: bigsecret
kyoo_back:
userKey: postgres_user
passwordKey: postgres_password
existingSecret: bigsecret
host: kyoo-postgresql
port: 5432
database: kyoo_back
kyoo_migrations:
userKey: postgres_user
passwordKey: postgres_password
existingSecret: bigsecret
kyoo_back:
userKey: postgres_user
passwordKey: postgres_password
existingSecret: bigsecret
kyoo_transcoder:
host: kyoo-postgresql
port: 5432
database: kyoo_transcoder
kyoo_transcoder:
userKey: postgres_user
passwordKey: postgres_password
existingSecret: bigsecret
rabbitmq:
host: kyoo-rabbitmq
port: 5672
@ -319,15 +327,31 @@ meilisearch:
postgresql:
enabled: false
auth:
# this does not read from a secret. not sure how to map
# just manually make the same
username: "kyoo_back"
database: "{{ .Values.global.postgres.database }}"
# create a user
username: "{{ .Values.global.postgres.infra.user }}"
existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}"
secretKeys:
# set the postgres user password to the same as our user
adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}"
primary:
# create databases, schemas, and set search_path
initdb:
scripts:
# kyoo_back still requires public schema
# https://github.com/zoriya/Kyoo/issues/536
kyoo_back.sql: |
CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
\connect {{ .Values.global.postgres.kyoo_back.database }};
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
kyoo_transcoder.sql: |
CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};
\connect {{ .Values.global.postgres.kyoo_transcoder.database }};
REVOKE ALL ON SCHEMA public FROM PUBLIC;
CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }};
user.sql: |
ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public;
ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data;
persistence:
size: 3Gi
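Review bot: `adminPasswordKey` and `userPasswordKey` both resolve to `global.postgres.infra.passwordKey`, so the `postgres` superuser gets the same password as the application role; with the defaults in this file that is the `postgres_password` key of `bigsecret`, which the back and migration containers also read, so anyone who can read that one key holds superuser access to the instance. A separate key for the admin password, e.g. `adminPasswordKey: "{{ .Values.global.postgres.infra.adminPasswordKey }}"` (a new values key, suggested here), keeps the application credential scoped to its own role. The initdb scripts also make the single `infra.user` role the owner of both the kyoo_back and kyoo_transcoder databases, so the two tenants are separated by database name only; per-database roles would be needed before this counts as isolation. The comment above `secretKeys` would be more useful if it said that the shared password is a temporary simplification.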