From f2cca14a626f6207489c878cd20758219efcc6dd Mon Sep 17 00:00:00 2001 From: Robbie Blaine Date: Wed, 24 Apr 2024 17:57:15 +0200 Subject: [PATCH] Add a button to Workflow Dispatch to reset Dev * Bump Bitnami Postgres `14.3.1` -> `15.2.5` * Bump Bitnami Redis `19.1.0` -> `19.1.3` --- .github/workflows/cicd.yml | 37 +++++++++++++++++++++++++++++++++++++ helm/keycloak/values.yaml | 4 +++- helmfile.yaml | 13 +++++++++---- 3 files changed, 49 insertions(+), 5 deletions(-) diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml index 982573669..feb299c0b 100644 --- a/.github/workflows/cicd.yml +++ b/.github/workflows/cicd.yml @@ -2,6 +2,12 @@ name: CICD on: workflow_dispatch: + inputs: + reset-deployments: + description: "Reset deployment: Clean start" + required: false + default: false + type: boolean push: branches: - master @@ -340,6 +346,7 @@ jobs: cancel-in-progress: false environment: name: ${{ + github.event.inputs.reset-deployments == 'true' && 'dev' || github.event_name == 'release' && 'prod' || (github.event_name == 'push' && github.event.repository.default_branch == github.ref_name) && 'stage' || 'dev' 
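Review bot: The description of the new `reset-deployments` input, `"Reset deployment: Clean start"`, does not tell the person dispatching the workflow that ticking it destroys the dev releases and deletes every pod and PVC in `yoma-v3-dev`, which is what the steps added later in this file do. A more explicit label would reduce accidental data loss, for example `description: "DESTRUCTIVE: destroy dev releases, delete all pods and PVCs, then redeploy"`. A short comment beside the input would also help, noting that `github.event.inputs` delivers the boolean as a string, which is why the later conditions compare against `'true'`.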
@@ -394,6 +401,36 @@ jobs: with: authkey: ${{ secrets.TAILSCALE_AUTHKEY }} version: ${{ env.TAILSCALE_VERSION }} + - name: Helmfile Destroy + if: github.event.inputs.reset-deployments == 'true' + uses: helmfile/helmfile-action@v1.9.0 + with: + helmfile-args: | + destroy \ + --environment dev + helm-plugins: | + https://github.com/databus23/helm-diff, + https://github.com/jkroepke/helm-secrets, + https://github.com/aslafy-z/helm-git + helmfile-version: ${{ env.HELMFILE_VERSION }} + helm-version: ${{ env.HELM_VERSION }} + - name: Delete Pods and PVCs + if: github.event.inputs.reset-deployments == 'true' + run: kubectl delete pods,pvc --all --namespace yoma-v3-dev + - name: Deploy fresh DBs + if: github.event.inputs.reset-deployments == 'true' + uses: helmfile/helmfile-action@v1.9.0 + with: + helmfile-args: | + apply \ + --environment dev \ + --selector=app=postgresql-keycloak \ + --selector=app=postgresql \ + --selector=app=redis + helm-plugins: | + https://github.com/databus23/helm-diff, + https://github.com/jkroepke/helm-secrets, + https://github.com/aslafy-z/helm-git # Diff on PR draft, otherwise Apply - name: Helmfile Apply/Diff Keycloak if: ( diff --git a/helm/keycloak/values.yaml b/helm/keycloak/values.yaml index f2a91d114..63a59f251 100644 --- a/helm/keycloak/values.yaml +++ b/helm/keycloak/values.yaml @@ -151,8 +151,10 @@ keycloak: serviceAccount: create: true - allowReadPods: true + # This creates a ClusterRole and ClusterRolebinding which is not needed + allowReadPods: false + # This creates a Role and Rolebinding which makes the above ClusterRole and ClusterRolebinding redundant rbac: create: true rules: diff --git a/helmfile.yaml b/helmfile.yaml index 19af94b5a..2302a7b65 100644 --- a/helmfile.yaml +++ b/helmfile.yaml 
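Review bot: The three reset steps are gated only on `github.event.inputs.reset-deployments == 'true'`, so a manual dispatch from any selected ref with the box ticked runs `helmfile destroy` and `kubectl delete pods,pvc --all` against `yoma-v3-dev`. If resets from arbitrary branches are not intended, tighten each condition, e.g. `if: github.event.inputs.reset-deployments == 'true' && github.ref_name == github.event.repository.default_branch`, or require reviewers on the `dev` environment. Separately, "Deploy fresh DBs" omits the `helmfile-version: ${{ env.HELMFILE_VERSION }}` and `helm-version: ${{ env.HELM_VERSION }}` inputs that "Helmfile Destroy" passes, so it presumably runs with the action's default tool versions rather than the pinned ones. The job's step list starts and continues outside this hunk, so the conditions on the following apply steps are not visible here.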
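Review bot: The comment added above `allowReadPods: false` in `helm/keycloak/values.yaml` reads as though the `false` setting itself creates the ClusterRole and ClusterRoleBinding, when it is the previous `true` value that did. Wording such as `# allowReadPods: true would create a ClusterRole and ClusterRoleBinding; not needed because the namespaced Role below covers it` states the least-privilege intent unambiguously. The `rbac.rules` list continues outside the hunk, so it is worth confirming that the namespaced Role grants whatever pod read access Keycloak still needs now that the cluster-wide binding is gone.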
@@ -72,7 +72,7 @@ releases: namespace: {{ .Values.namespace }} # https://github.com/bitnami/charts/tree/main/bitnami/postgresql chart: oci://registry-1.docker.io/bitnamicharts/postgresql - version: "14.3.1" + version: "15.2.5" installed: {{ .Values.postgresEnabled }} set: - name: fullnameOverride @@ -81,6 +81,8 @@ releases: value: keycloak - name: auth.database value: keycloak + - name: primary.resourcesPreset + value: medium secrets: - ./helm/postgresql-keycloak/conf/{{ .Environment.Name }}/secrets.yaml @@ -90,7 +92,7 @@ releases: namespace: {{ .Values.namespace }} # https://github.com/bitnami/charts/tree/main/bitnami/postgresql chart: oci://registry-1.docker.io/bitnamicharts/postgresql - version: "14.3.1" + version: "15.2.5" installed: {{ .Values.postgresEnabled }} set: - name: fullnameOverride @@ -99,6 +101,8 @@ releases: value: yoma - name: auth.database value: yoma-dev + - name: primary.resourcesPreset + value: medium # - name: primary.extendedConfiguration # value: | # log_statement = 'all' @@ -110,8 +114,9 @@ releases: labels: app: redis namespace: {{ .Values.namespace }} + # https://github.com/bitnami/charts/tree/main/bitnami/redis chart: oci://registry-1.docker.io/bitnamicharts/redis - version: "19.1.0" + version: "19.1.3" installed: {{ .Values.redisEnabled }} values: - fullnameOverride: redis @@ -176,7 +181,7 @@ releases: - ./helm/yoma-web/conf/{{ .Environment.Name }}/secrets.yaml --- helmDefaults: - timeout: 180 + timeout: 300 wait: true atomic: true cleanupOnFail: true