Set env vars from secrets so when pods cycle values are updated

- without this, the db host env var is not updated on the deployment until the deployment yaml is patched in a future reconciliation loop. - remove logic to scale up the content and web pods after upgrading and rely on a second reconciliation loop for now.
ansible · Mar 11, 2024 · a10ad34 · a10ad34
1 parent ebe9a42
commit a10ad34
Show file tree

Hide file tree

Showing 7 changed files with 43 additions and 35 deletions.
diff --git a/playbooks/galaxy.yaml b/playbooks/galaxy.yaml
@@ -107,4 +107,4 @@
         - galaxy-worker
         - galaxy-api
         - galaxy-route
-        - galaxy-status
+        - galaxy-status
diff --git a/roles/common/tasks/postgres_configuration.yml b/roles/common/tasks/postgres_configuration.yml
@@ -82,12 +82,15 @@
     - postgres_migrant_configuration_secret is defined
     - recorded_db_migration_secret == postgres_migrant_configuration_secret
 
-
 - name: Set PostgreSQL Configuration
   set_fact:
     pg_config: '{{ _generated_pg_config_resources["resources"] | default([]) | length | ternary(_generated_pg_config_resources, _pg_config) }}'
   no_log: "{{ no_log }}"
 
+- name: Set actual postgres configuration secret used
+  set_fact:
+    _postgres_configuration_secret: "{{ pg_config['resources'][0]['metadata']['name'] }}"
+
 - name: Set user provided postgres image
   set_fact:
     _custom_postgres_image: "{{ postgres_image }}"

diff --git a/roles/galaxy-api/templates/galaxy-api.deployment.yaml.j2 b/roles/galaxy-api/templates/galaxy-api.deployment.yaml.j2
@@ -137,9 +137,15 @@ spec:
           - start-api
           env:
             - name: POSTGRES_SERVICE_HOST
-              value: "{{ postgres_host }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: host
             - name: POSTGRES_SERVICE_PORT
-              value: "{{ postgres_port }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: port
 {% if pulp_combined_settings.cache_enabled %}
             - name: REDIS_SERVICE_HOST
               value: "{{ ansible_operator_meta.name }}-redis-svc"
@@ -255,9 +261,15 @@ spec:
               pulpcore-manager migrate
           env:
             - name: POSTGRES_SERVICE_HOST
-              value: "{{ postgres_host }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: host
             - name: POSTGRES_SERVICE_PORT
-              value: "{{ postgres_port }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: port
             - name: HOME
               value: "/var/lib/pulp"
           volumeMounts:

diff --git a/roles/galaxy-content/templates/galaxy-content.deployment.yaml.j2 b/roles/galaxy-content/templates/galaxy-content.deployment.yaml.j2
@@ -159,9 +159,15 @@ spec:
 {% endif %}
           env:
             - name: POSTGRES_SERVICE_HOST
-              value: "{{ postgres_host }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: host
             - name: POSTGRES_SERVICE_PORT
-              value: "{{ postgres_port }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: port
 {% if pulp_combined_settings.cache_enabled %}
             - name: REDIS_SERVICE_HOST
               value: "{{ ansible_operator_meta.name }}-redis-svc"

diff --git a/roles/galaxy-worker/templates/galaxy-worker.deployment.yaml.j2 b/roles/galaxy-worker/templates/galaxy-worker.deployment.yaml.j2
@@ -121,9 +121,15 @@ spec:
           - start-worker
           env:
             - name: POSTGRES_SERVICE_HOST
-              value: "{{ postgres_host }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: host
             - name: POSTGRES_SERVICE_PORT
-              value: "{{ postgres_port }}"
+              valueFrom:
+                secretKeyRef:
+                  name: {{ _postgres_configuration_secret }}
+                  key: port
 {% if pulp_combined_settings.cache_enabled %}
             - name: REDIS_SERVICE_HOST
               value: "{{ ansible_operator_meta.name }}-redis-svc"

diff --git a/roles/postgres/tasks/upgrade_postgres.yml b/roles/postgres/tasks/upgrade_postgres.yml
@@ -324,22 +324,3 @@
         status: "True"
         lastTransitionTime: "{{ lookup('pipe', 'date --iso-8601=seconds') }}"
 
-# Default to 1 replica if not specified
-- name: Scale up web and content Deployments using replicas from the custom resource
-  kubernetes.core.k8s_scale:
-    api_version: v1
-    kind: Deployment
-    name: "{{ item.name }}"
-    namespace: "{{ ansible_operator_meta.namespace }}"
-    replicas: "{{ item.replicas }}"
-  loop:
-    - name: "{{ ansible_operator_meta.name }}-api"
-      replicas: "{{ combined_api.replicas | default(1) }}"
-    - name: "{{ ansible_operator_meta.name }}-web"
-      replicas: "{{ combined_web.replicas | default(1)}}"
-    - name: "{{ ansible_operator_meta.name }}-content"
-      replicas: "{{ combined_content.replicas | default(1) }}"
-    - name: "{{ ansible_operator_meta.name }}-worker"
-      replicas: "{{ combined_worker.replicas | default(1)}}"
-    - name: "{{ ansible_operator_meta.name }}-redis"
-      replicas: "{{ combined_redis.replicas | default(1)}}"
diff --git a/roles/postgres/templates/postgres.yaml.j2 b/roles/postgres/templates/postgres.yaml.j2
@@ -56,34 +56,34 @@ spec:
             - name: POSTGRESQL_DATABASE
               valueFrom:
                 secretKeyRef:
-                  name: '{{ postgres_configuration_secret }}'
+                  name: '{{ _postgres_configuration_secret }}'
                   key: database
             - name: POSTGRESQL_USER
               valueFrom:
                 secretKeyRef:
-                  name: '{{ postgres_configuration_secret }}'
+                  name: '{{ _postgres_configuration_secret }}'
                   key: username
             - name: POSTGRESQL_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: '{{ postgres_configuration_secret }}'
+                  name: '{{ _postgres_configuration_secret }}'
                   key: password
 
             # For postgres_image based on postgres
             - name: POSTGRES_DB
               valueFrom:
                 secretKeyRef:
-                  name: '{{ postgres_configuration_secret }}'
+                  name: '{{ _postgres_configuration_secret }}'
                   key: database
             - name: POSTGRES_USER
               valueFrom:
                 secretKeyRef:
-                  name: '{{ postgres_configuration_secret }}'
+                  name: '{{ _postgres_configuration_secret }}'
                   key: username
             - name: POSTGRES_PASSWORD
               valueFrom:
                 secretKeyRef:
-                  name: '{{ postgres_configuration_secret }}'
+                  name: '{{ _postgres_configuration_secret }}'
                   key: password
             - name: PGDATA
               value: '{{ postgres_data_path }}'