[MOSIP-27423] data-archive

charts/data-archive/.gitignore

@@ -0,0 +1 @@
+charts/

charts/data-archive/.helmignore

@@ -0,0 +1,24 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/
+.chart.lock

charts/data-archive/Chart.yaml

@@ -0,0 +1,19 @@
+apiVersion: v2
+name: data-archive
+description: A Helm chart for Kubernetes to initialize mosip_archive Postgres DB and execute py script to archive data from source db to archive db
+type: application
+version: 1.0.0
+dependencies:
+  - name: common
+    repository: https://charts.bitnami.com/bitnami
+    tags:
+      - bitnami-common
+    version: 1.x.x
+home: https://mosip.io
+keywords:
+  - postgres
+  - db
+  - database
+maintainers:
+  - email: [email protected]
+    name: MOSIP

charts/data-archive/templates/_helpers.tpl

@@ -0,0 +1,63 @@
+{{/*
+Return the proper  image name
+*/}}
+{{- define "data-archive.image" -}}
+{{ include "common.images.image" (dict "imageRoot" .Values.image "global" .Values.global) }}
+{{- end -}}
+
+{{/*
+Return the proper image name (for the init container volume-permissions image)
+*/}}
+{{- define "data-archive.volumePermissions.image" -}}
+{{- include "common.images.image" ( dict "imageRoot" .Values.volumePermissions.image "global" .Values.global ) -}}
+{{- end -}}
+
+{{/*
+Return the proper Docker Image Registry Secret Names
+*/}}
+{{- define "data-archive.imagePullSecrets" -}}
+{{- include "common.images.pullSecrets" (dict "images" (list .Values.image .Values.volumePermissions.image) "global" .Values.global) -}}
+{{- end -}}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "data-archive.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create -}}
+    {{ default (printf "%s-foo" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- else -}}
+    {{ default "default" .Values.serviceAccount.name }}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Compile all warnings into a single message.
+*/}}
+{{- define "data-archive.validateValues" -}}
+{{- $messages := list -}}
+{{- $messages := append $messages (include "data-archive.validateValues.foo" .) -}}
+{{- $messages := append $messages (include "data-archive.validateValues.bar" .) -}}
+{{- $messages := without $messages "" -}}
+{{- $message := join "\n" $messages -}}
+
+{{- if $message -}}
+{{-   printf "\nVALUES VALIDATION:\n%s" $message -}}
+{{- end -}}
+{{- end -}}
+
+{{/*
+Return podAnnotations
+*/}}
+{{- define "data-archive.podAnnotations" -}}
+{{- if .Values.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.podAnnotations "context" $) }}
+{{- end }}
+{{- if and .Values.metrics.enabled .Values.metrics.podAnnotations }}
+{{ include "common.tplvalues.render" (dict "value" .Values.metrics.podAnnotations "context" $) }}
+{{- end }}
+{{- end -}}
+
+{{/* Create the name for restart cronjob */}}
+{{- define "data-archive.cronjob" -}}
+{{ default (printf "cronjob-%s" (include "common.names.fullname" .)) .Values.serviceAccount.name }}
+{{- end -}}

charts/data-archive/templates/all-db-tables-info-configmap.yaml

@@ -0,0 +1,25 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: {{ .Release.Name }}
+  labels:
+    {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: your-component-name
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  audit_archive_table_info: {{ .Values.databases.all_db_tables_info.audit | toJson | quote }}
+  credential_archive_table_info: {{ .Values.databases.all_db_tables_info.credential | toJson | quote }}
+  esignet_archive_table_info: {{ .Values.databases.all_db_tables_info.esignet | toJson | quote }}
+  ida_archive_table_info: {{ .Values.databases.all_db_tables_info.ida | toJson | quote }}
+  idrepo_archive_table_info: {{ .Values.databases.all_db_tables_info.idrepo | toJson | quote }}
+  kernel_archive_table_info: {{ .Values.databases.all_db_tables_info.kernel | toJson | quote }}
+  master_archive_table_info: {{ .Values.databases.all_db_tables_info.master | toJson | quote }}
+  pms_archive_table_info: {{ .Values.databases.all_db_tables_info.pms | toJson | quote }}
+  prereg_archive_table_info: {{ .Values.databases.all_db_tables_info.prereg | toJson | quote }}
+  regprc_archive_table_info: {{ .Values.databases.all_db_tables_info.regprc | toJson | quote }}
+  resident_archive_table_info: {{ .Values.databases.all_db_tables_info.resident | toJson | quote }}

charts/data-archive/templates/archive-db-secret.yaml

@@ -0,0 +1,19 @@
+# secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: archive-db-secrets
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: postgres
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  SU_USER_PWD: {{ .Values.databases.archive_db.su_user_pwd | b64enc | quote }}
+  DBUSER_PWD: {{ .Values.databases.archive_db.db_pwd | b64enc | quote }}
+  ARCHIVE_DB_PASS: {{ .Values.databases.archive_db.archive_db_password | b64enc | quote }}

charts/data-archive/templates/archive-env-configmap.yaml

@@ -0,0 +1,81 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: db-archive-init-env-config
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: postgres
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+data:
+  MOSIP_DB_NAME: {{ .Values.databases.archive_db.db_name | quote }}
+  SU_USER: {{ .Values.databases.archive_db.su_user | quote }}
+  DB_SERVERIP: {{ .Values.databases.archive_db.host | quote }}
+  DB_PORT: {{ .Values.databases.archive_db.port | quote }}
+  DML_FLAG: {{ .Values.databases.archive_db.dml | quote }}
+  DB_NAMES: {{ .Values.databases.source_db.provide_db_names_to_archive | quote }}
+  AUDIT_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_audit_host | quote }}
+  AUDIT_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_audit_port | quote }}
+  AUDIT_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_audit_uname | quote }}
+  AUDIT_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_audit_dbname | quote }}
+  AUDIT_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_audit_schemaname | quote }}
+  CREDENTIAL_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_credential_host | quote }}
+  CREDENTIAL_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_credential_port | quote }}
+  CREDENTIAL_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_credential_uname | quote }}
+  CREDENTIAL_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_credential_dbname | quote }}
+  CREDENTIAL_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_credential_schemaname | quote }}
+  ESIGNET_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_esignet_host | quote }}
+  ESIGNET_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_esignet_port | quote }}
+  ESIGNET_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_esignet_uname | quote }}
+  ESIGNET_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_esignet_dbname | quote }}
+  ESIGNET_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_esignet_schemaname | quote }}  
+  IDA_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_ida_host | quote }}
+  IDA_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_ida_port | quote }}
+  IDA_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_ida_uname | quote }}
+  IDA_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_ida_dbname | quote }}
+  IDA_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_ida_schemaname | quote }}  
+  IDREPO_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_idrepo_host | quote }}
+  IDREPO_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_idrepo_port | quote }}
+  IDREPO_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_idrepo_uname | quote }}
+  IDREPO_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_idrepo_dbname | quote }}
+  IDREPO_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_idrepo_schemaname | quote }}  
+  KERNEL_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_kernel_host | quote }}
+  KERNEL_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_kernel_port | quote }}
+  KERNEL_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_kernel_uname | quote }}
+  KERNEL_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_kernel_dbname | quote }}
+  KERNEL_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_kernel_schemaname | quote }}  
+  MASTER_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_master_host | quote }}
+  MASTER_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_master_port | quote }}
+  MASTER_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_master_uname | quote }}
+  MASTER_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_master_dbname | quote }}
+  MASTER_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_master_schemaname | quote }}  
+  PMS_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_pms_host | quote }}
+  PMS_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_pms_port | quote }}
+  PMS_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_pms_uname | quote }}
+  PMS_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_pms_dbname | quote }}
+  PMS_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_pms_schemaname | quote }}
+  PREREG_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_prereg_host | quote }}
+  PREREG_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_prereg_port | quote }}
+  PREREG_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_prereg_uname | quote }}
+  PREREG_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_prereg_dbname | quote }}
+  PREREG_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_prereg_schemaname | quote }} 
+  REGPRC_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_regprc_host | quote }}
+  REGPRC_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_regprc_port | quote }}
+  REGPRC_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_regprc_uname | quote }}
+  REGPRC_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_regprc_dbname | quote }}
+  REGPRC_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_regprc_schemaname | quote }}  
+  RESIDENT_SOURCE_DB_HOST: {{ .Values.databases.source_db.source_resident_host | quote }}
+  RESIDENT_SOURCE_DB_PORT: {{ .Values.databases.source_db.source_resident_port | quote }}
+  RESIDENT_SOURCE_DB_UNAME: {{ .Values.databases.source_db.source_resident_uname | quote }}
+  RESIDENT_SOURCE_DB_NAME: {{ .Values.databases.source_db.source_resident_dbname | quote }}
+  RESIDENT_SOURCE_SCHEMA_NAME: {{ .Values.databases.source_db.source_resident_schemaname | quote }}  
+  ARCHIVE_DB_HOST: {{ .Values.databases.archive_db.archivehost | quote }}
+  ARCHIVE_DB_PORT: {{ .Values.databases.archive_db.archiveport | quote }}
+  ARCHIVE_DB_UNAME: {{ .Values.databases.archive_db.archiveuname | quote }}
+  ARCHIVE_DB_NAME: {{ .Values.databases.archive_db.archive_dbname | quote }}
+  ARCHIVE_SCHEMA_NAME: {{ .Values.databases.archive_db.archive_schemaname | quote }}
+  CONTAINER_VOLUME_PATH: {{ .Values.databases.container_volume_path | quote }}

charts/data-archive/templates/clusterrolebinding.yaml

@@ -0,0 +1,19 @@
+kind: ClusterRoleBinding
+apiVersion: {{ include "common.capabilities.rbac.apiVersion" . }}
+metadata:
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  name: {{ template "common.names.fullname" . }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: {{ template "common.names.fullname" . }}
+subjects:
+  - kind: ServiceAccount
+    name: {{ template "data-archive.serviceAccountName" . }}
+    namespace: {{ .Release.Namespace }}

charts/data-archive/templates/cronjob.yaml

@@ -0,0 +1,42 @@
+apiVersion: {{ include "common.capabilities.cronjob.apiVersion" $ }}
+kind: CronJob
+metadata:
+  name: {{ template "data-archive.cronjob" $ }}
+  namespace: {{ $.Release.Namespace }}
+spec:
+  concurrencyPolicy: Forbid
+  successfulJobsHistoryLimit: 1  # remove jobs which are successfully executed
+  failedJobsHistoryLimit: 1      # except 1 recent failed job, remove jobs which are not successfully executed
+  #schedule: '*/3 * * * *' # cron spec of time, here, 8 o'clock
+  schedule: {{ $.Values.crontime }}
+  jobTemplate:
+    spec:
+      backoffLimit: 2 # this has very low chance of failing, as all this does
+      # is prompt kubernetes to schedule new replica set for
+      # the deployment
+      # activeDeadlineSeconds: 600 # timeout, makes most sense with
+      # "waiting for rollout" variant specified below
+      template:
+        spec:
+          restartPolicy: Never
+          containers:
+            - name: {{ template "data-archive.serviceAccountName" $ }}
+              image: {{ template "data-archive.image" $ }}
+              imagePullPolicy: {{ $.Values.image.pullPolicy }}
+              volumeMounts:
+              - name: config-volume
+                mountPath: /all-db-info-json
+              env:
+                - name: container_user
+                  value: {{ $.Values.containerSecurityContext.runAsUser }}
+              envFrom:
+                - configMapRef:
+                    name: db-archive-init-env-config
+                - secretRef:
+                    name: source-db-secrets
+                - secretRef:
+                    name: archive-db-secrets
+          volumes:
+          - name: config-volume
+            configMap:
+              name: {{ .Release.Name }}

charts/data-archive/templates/serviceaccount.yaml

@@ -0,0 +1,12 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  name: {{ template "data-archive.serviceAccountName" . }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+  namespace: {{ .Release.Namespace }}

charts/data-archive/templates/source-db-secret.yaml

@@ -0,0 +1,27 @@
+# secret.yaml
+apiVersion: v1
+kind: Secret
+metadata:
+  name: source-db-secrets
+  namespace: {{ .Release.Namespace }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    app.kubernetes.io/component: postgres
+    {{- if .Values.commonLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.commonLabels "context" $ ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.commonAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
+  {{- end }}
+type: Opaque
+data:
+  AUDIT_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_audit_db_pass | b64enc | quote }}
+  CREDENTIAL_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_credential_db_pass | b64enc | quote }}
+  ESIGNET_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_esignet_db_pass | b64enc | quote }}
+  IDA_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_ida_db_pass | b64enc | quote }}
+  IDREPO_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_idrepo_db_pass | b64enc | quote }}
+  KERNEL_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_kernel_db_pass | b64enc | quote }}
+  MASTER_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_master_db_pass | b64enc | quote }}
+  PMS_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_pms_db_pass | b64enc | quote }}
+  PREREG_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_prereg_db_pass | b64enc | quote }}
+  REGPRC_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_regprc_db_pass | b64enc | quote }}
+  RESIDENT_SOURCE_DB_PASS: {{ .Values.databases.source_db.source_resident_db_pass | b64enc | quote }}