Set gold DR to active #124
There are no files selected for viewing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,40 @@ | ||
| name: Set the dr deployment to active | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| inputs: | ||
| namespace: | ||
| description: "The target namespace" | ||
| required: true | ||
| options: ["c6af30-dev", "c6af30-test", "c6af30-prod"] | ||
|
|
||
| env: | ||
| GITHUB_REGISTRY: ghcr.io | ||
| IMAGE_NAME: ${{ github.repository }} | ||
| TAG: sha-${{ github.sha }} | ||
| OPENSHIFT_SERVER: ${{ secrets.OPENSHIFT_SERVER }} | ||
|
|
||
| jobs: | ||
| set-dr-to-active: | ||
| runs-on: ubuntu-latest | ||
| environment: | ||
| name: development | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v2 | ||
| - name: Log into golddr and remove patroni standby | ||
| uses: redhat-actions/oc-login@v1 | ||
| with: | ||
| openshift_server_url: ${{ secrets.OPENSHIFT_SERVER_GOLDDR }} | ||
| openshift_token: ${{ secrets.OPENSHIFT_TOKEN_GOLDDR }} | ||
|
There was a problem hiding this comment. We have seprate service accounts' tokens for each Gold namespaces, so not sure how the same token can be used in the three environments. "c6af30-dev", "c6af30-test", "c6af30-prod" There was a problem hiding this comment. I was thinking about this, wouldn't it be easier to have a single service account with access to the 3 namespaces? (6 if we include sandbox) Then we don't have to worry about keeping 6 sets of credentials in the github secrets |
||
| namespace: ${{ github.event.inputs.namespace }} | ||
| insecure_skip_tls_verify: true | ||
| - name: Set patroni-dr to primary | ||
| run: | | ||
| oc rsh -n ${{ github.event.inputs.namespace }} sso-patroni-0 curl -s -XPATCH -d '{ "standby_cluster":null}' http://localhost:8008/config | jq . | ||
|
There was a problem hiding this comment. does the extra spaces in There was a problem hiding this comment. and can we check the response result from the API endpoint to make sure the config patch is successfully before moving to the next step? we could set a condition in the next step depends on the response. There was a problem hiding this comment. Oh that's a really good idea. Thanks will look at it today |
||
| shell: bash | ||
| - name: Deploy keycloak-dr in active mode | ||
| run: | | ||
|
There was a problem hiding this comment. can we use There was a problem hiding this comment. good idea, I set helm as the working dir since we need the helpers.sh in the |
||
| chmod +x ./helm/keycloak/transition-scripts/deploy-golddr-active.sh | ||
| ./helm/keycloak/transition-scripts/deploy-golddr-active.sh ${{ github.event.inputs.namespace }} | ||
| shell: bash | ||
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| #!/bin/bash | ||
|
|
||
| NAMESPACE=$1 | ||
|
|
||
| pwd="$(dirname "$0")" | ||
| source "./helm/helpers.sh" | ||
|
|
||
| if ! check_kube_context "api-golddr-devops-gov-bc-ca"; then | ||
| echo "invalid context" | ||
| exit 1 | ||
| fi | ||
|
|
||
| helm repo add sso-charts https://bcgov.github.io/sso-helm-charts | ||
| helm repo update | ||
|
|
||
| cd ./helm/keycloak/ | ||
|
|
||
| helm upgrade --install sso-keycloak sso-charts/sso-keycloak \ | ||
| -n ${NAMESPACE} -f ./values-golddr-${NAMESPACE}.yaml \ | ||
| -f ./transition-values/set-dr-to-active-${NAMESPACE}.yaml --version v1.6.0 |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| replicaCount: 0 | ||
|
|
||
| postgres: | ||
| host: sso-patroni | ||
| port: 5432 | ||
|
|
||
| patroni: | ||
| replicaCount: 3 | ||
|
|
||
| standby: | ||
| enabled: false | ||
| host: null | ||
| port: null |
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,46 @@ | ||
| replicaCount: 1 | ||
|
|
||
| image: | ||
| repository: ghcr.io/bcgov/sso | ||
| tag: v7.5-9-build.4 | ||
| pullPolicy: Always | ||
|
|
||
| resources: | ||
| limits: | ||
| cpu: 1 | ||
| memory: 1Gi | ||
| requests: | ||
| cpu: 0.5 | ||
| memory: 512M | ||
|
|
||
| postgres: | ||
| host: sso-patroni-gold.c6af30-test.svc.cluster.local | ||
| port: 56583 | ||
|
|
||
| patroni: | ||
| replicaCount: 2 | ||
| # credentials: | ||
| # existingSecret: false | ||
| # superuser: | ||
| # username: postgres | ||
| # password: | ||
| # admin: | ||
| # username: admin | ||
| # password: | ||
| # standby: | ||
| # username: standby | ||
| # password: | ||
|
|
||
| # additionalCredentials: | ||
| # - username: ssokeycloak | ||
| # password: | ||
| persistentVolume: | ||
| size: 2Gi | ||
|
|
||
| podDisruptionBudget: | ||
| enabled: true | ||
|
|
||
| standby: | ||
| enabled: true | ||
| host: sso-patroni-gold.c6af30-test.svc.cluster.local | ||
| port: 56583 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't see any places that makes use of
nameenvironment?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
removed