Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

parameterize azure PG config and use psql-client container to connect #790

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

parameterize azure PG config and use psql-client container to connect #790

wants to merge 1 commit into from

Conversation

geoberle
Copy link
Collaborator

@geoberle geoberle commented Oct 30, 2024
edited
Loading

What this PR does

  • installing the psql client tool locally brings a log of dependencies on most systems. by using a container we avoid having to install too many things on developer machines
  • this PR also cleans up "current user connect" as this was never working anyways
  • parameterize all fields required for CS and Maestro DB setup so we can have consistency between infra RBAC deployment, service deployment and DB deployment

Jira:
Link to demo recording:

Special notes for your reviewer

@miguelsorianod
Copy link
Collaborator

It looks good to me

bennerv
bennerv reviewed Oct 30, 2024
View reviewed changes
dev-infrastructure/scripts/miwi-pg-connect.sh Outdated
@@ -7,7 +7,7 @@ NAMESPACE=$4
SA_NAME=$5

# prep creds and configs
PGHOST=$(az postgres flexible-server list --resource-group ${RESOURCEGROUP} --query "[?starts_with(name, '${DB_SERVER_NAME_PREFIX}')].fullyQualifiedDomainName" -o tsv)
export PGHOST=$(az postgres flexible-server list --resource-group ${RESOURCEGROUP} --query "[?starts_with(name, '${DB_SERVER_NAME_PREFIX}')].fullyQualifiedDomainName" -o tsv)
AZURE_TENANT_ID=$(az account show -o json | jq .homeTenantId -r)
AZURE_CLIENT_ID=$(az identity show -g ${RESOURCEGROUP} -n ${MANAGED_IDENTITY_NAME} --query clientId -o tsv)
SA_TOKEN=$(kubectl create token ${SA_NAME} --namespace=${NAMESPACE} --audience api://AzureADTokenExchange)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we make the expiration of this token short-lived? I.e. 24 hrs?

Copy link
Collaborator Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • the default SA token on AKS expires in 1h, i made it explicit though
  • for az account get-access-token there is no way to set the expiration - it defaults to 24h

@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 1, 2024

Please rebase pull request.

@geoberle geoberle changed the title use psql container to connect to azure postgres db parameterize azure PG config and use psql-client container to connect Nov 3, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Nov 4, 2024

Please rebase pull request.

@github-actions GitHub Actions
Copy link

Please rebase pull request.

@geoberle
use config templates for maestro and CS DB configuration
4e8f78d 
* installing the psql client tool locally brings a log of dependencies on most systems. by using a container we avoid having to install too many things on developer machines
* parameterize all fields required for CS and Maestro DB setup so we can have consistency between infra RBAC deployment, service deployment and DB deployment

Signed-off-by: Gerd Oberlechner <[email protected]>
@github-actions GitHub Actions
Copy link

Please rebase pull request.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@miguelsorianod miguelsorianod miguelsorianod left review comments

@bennerv bennerv bennerv left review comments

@janboll janboll Awaiting requested review from janboll janboll is a code owner

@jmelis jmelis Awaiting requested review from jmelis jmelis is a code owner

@jonathan34c jonathan34c Awaiting requested review from jonathan34c jonathan34c is a code owner

@niontive niontive Awaiting requested review from niontive niontive is a code owner

@nwnt nwnt Awaiting requested review from nwnt nwnt is a code owner

@SudoBrendan SudoBrendan Awaiting requested review from SudoBrendan SudoBrendan is a code owner

@UlrichSchlueter UlrichSchlueter Awaiting requested review from UlrichSchlueter UlrichSchlueter is a code owner

@weinong weinong Awaiting requested review from weinong weinong is a code owner

@whober0521 whober0521 Awaiting requested review from whober0521 whober0521 is a code owner

@jharrington22 jharrington22 Awaiting requested review from jharrington22 jharrington22 is a code owner

@zgalor zgalor Awaiting requested review from zgalor zgalor is a code owner

@tony-schndr tony-schndr Awaiting requested review from tony-schndr tony-schndr is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
needs-rebase
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@geoberle @miguelsorianod @bennerv