diff --git a/chart/README.md b/chart/README.md index 60f4ac23..a354ed59 100644 --- a/chart/README.md +++ b/chart/README.md @@ -47,7 +47,7 @@ extraObjects: #RESOURCES # meilisearch does not allow mapping their key in yet. MEILI_MASTER_KEY: barkLike8SuperDucks - postgres_user: kyoo_back + postgres_user: kyoo_all postgres_password: watchSomething4me rabbitmq_user: kyoo_all rabbitmq_password: youAreAmazing2 diff --git a/chart/templates/back/deployment.yaml b/chart/templates/back/deployment.yaml index a2dac8e4..693ed4f5 100644 --- a/chart/templates/back/deployment.yaml +++ b/chart/templates/back/deployment.yaml @@ -50,19 +50,19 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_migrations.userKey }} - name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.userKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_migrations.passwordKey }} - name: {{ .Values.global.postgres.kyoo_migrations.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.passwordKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_migrations.existingSecret }} - name: POSTGRES_DB - value: {{ .Values.global.postgres.database }} + value: {{ .Values.global.postgres.kyoo_back.database }} - name: POSTGRES_SERVER - value: {{ .Values.global.postgres.host }} + value: {{ .Values.global.postgres.kyoo_back.host }} - name: POSTGRES_PORT - value: "{{ .Values.global.postgres.port }}" + value: "{{ .Values.global.postgres.kyoo_back.port }}" {{- with .Values.back.extraInitContainers }} {{- tpl (toYaml .) $ | nindent 6 }} {{- end }} 
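Review bot: Nothing in this template rejects a values file that still uses the old `global.postgres.host` / `global.postgres.kyoo_migrations.*` paths, so after this change an operator's override such as `global.postgres.kyoo_migrations.existingSecret` is silently ignored and the pod presumably falls back to the chart's default secret name. A guard near the top of the template, e.g. `{{- if .Values.global.postgres.host }}{{ fail "global.postgres.host moved to global.postgres.kyoo_back.host" }}{{- end }}`, would turn that into a render-time error; the same applies to the second hunk (`@@ -89,19 +89,19 @@`). Separately, `POSTGRES_DB` and `POSTGRES_SERVER` are rendered unquoted while `POSTGRES_PORT` is quoted; `value: {{ .Values.global.postgres.kyoo_back.database | quote }}` keeps an all-digit or boolean-looking name a string, which env values must be. The container specs these lines belong to start and end outside the hunk.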
@@ -89,19 +89,19 @@ spec: - name: POSTGRES_USER valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_back.userKey }} - name: {{ .Values.global.postgres.kyoo_back.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_back.userKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }} - name: POSTGRES_PASSWORD valueFrom: secretKeyRef: - key: {{ .Values.global.postgres.kyoo_back.passwordKey }} - name: {{ .Values.global.postgres.kyoo_back.existingSecret }} + key: {{ .Values.global.postgres.kyoo_back.kyoo_back.passwordKey }} + name: {{ .Values.global.postgres.kyoo_back.kyoo_back.existingSecret }} - name: POSTGRES_DB - value: {{ .Values.global.postgres.database }} + value: {{ .Values.global.postgres.kyoo_back.database }} - name: POSTGRES_SERVER - value: {{ .Values.global.postgres.host }} + value: {{ .Values.global.postgres.kyoo_back.host }} - name: POSTGRES_PORT - value: "{{ .Values.global.postgres.port }}" + value: "{{ .Values.global.postgres.kyoo_back.port }}" - name: RABBITMQ_DEFAULT_USER valueFrom: secretKeyRef: diff --git a/chart/values.yaml b/chart/values.yaml index 4b96cf6b..d0be57d3 100644 --- a/chart/values.yaml +++ b/chart/values.yaml 
@@ -22,23 +22,31 @@ global: masterkeyKey: MEILI_MASTER_KEY existingSecret: bigsecret postgres: - host: kyoo-postgresql - port: 5432 - database: kyoo_back #infra is only used by subchart deployment infra: - # admin user is postgres - # default user is the database name - passwordKey: postgres_password - existingSecret: bigsecret - kyoo_migrations: - userKey: postgres_user + user: kyoo_all passwordKey: postgres_password existingSecret: bigsecret kyoo_back: - userKey: postgres_user - passwordKey: postgres_password - existingSecret: bigsecret + host: kyoo-postgresql + port: 5432 + database: kyoo_back + kyoo_migrations: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_back: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret + kyoo_transcoder: + host: kyoo-postgresql + port: 5432 + database: kyoo_transcoder + kyoo_transcoder: + userKey: postgres_user + passwordKey: postgres_password + existingSecret: bigsecret rabbitmq: host: kyoo-rabbitmq port: 5672 
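Review bot: `infra.user: kyoo_all` is a literal, while the services read their login name from the `postgres_user` key of `existingSecret`, and nothing ties the two together. Changing one without the other would leave the subchart creating a role that the services never log in as. A comment on the key would help, e.g. `# must equal the value stored under postgres_user in existingSecret`. The `kyoo_migrations`, `kyoo_back` and `kyoo_transcoder` blocks also all default to the same `postgres_user`/`postgres_password` keys, so by default migrations, the API and the transcoder share one role. It is worth stating in a comment that separate roles need separate secret keys and, as far as this diff shows, that the bundled subchart only creates `infra.user`.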
@@ -319,15 +327,31 @@ meilisearch: postgresql: enabled: false auth: - # this does not read from a secret. not sure how to map - # just manually make the same - username: "kyoo_back" - database: "{{ .Values.global.postgres.database }}" + # create a user + username: "{{ .Values.global.postgres.infra.user }}" existingSecret: "{{ .Values.global.postgres.infra.existingSecret }}" secretKeys: + # set the postgres user password to the same as our user adminPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" userPasswordKey: "{{ .Values.global.postgres.infra.passwordKey }}" primary: + # create databases, schemas, and set search_path + initdb: + scripts: + # kyoo_back still requires public schema + # https://github.com/zoriya/Kyoo/issues/536 + kyoo_back.sql: | + CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; + \connect {{ .Values.global.postgres.kyoo_back.database }}; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; + kyoo_transcoder.sql: | + CREATE DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} WITH OWNER {{ .Values.global.postgres.infra.user }}; + \connect {{ .Values.global.postgres.kyoo_transcoder.database }}; + REVOKE ALL ON SCHEMA public FROM PUBLIC; + CREATE SCHEMA IF NOT EXISTS data AUTHORIZATION {{ .Values.global.postgres.infra.user }}; + user.sql: | + ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_back.database }} SET search_path TO "$user", public; + ALTER ROLE {{ .Values.global.postgres.infra.user }} IN DATABASE {{ .Values.global.postgres.kyoo_transcoder.database }} SET search_path TO "$user", data; persistence: size: 3Gi
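Review bot: The new initdb scripts paste the database and role names into SQL as bare identifiers, e.g. `CREATE DATABASE {{ .Values.global.postgres.kyoo_back.database }} WITH OWNER {{ .Values.global.postgres.infra.user }};`, so a name with a hyphen, upper-case letters or a reserved word either fails or is case-folded, and whatever the value holds runs as bootstrap SQL. Rendering each name through `| quote` would emit a double-quoted identifier for ordinary names, and a comment should say these values must be plain identifiers. These scripts normally run only when the data directory is first initialised, so a release upgraded on an existing volume would presumably not get the `kyoo_transcoder` database or the `data` schemas; that deserves an upgrade note. The comment added above `adminPasswordKey` also confirms that the `postgres` superuser shares the application role's password, so any workload that can read that key effectively holds superuser credentials. A separate key for `adminPasswordKey` would avoid that.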