Add a button to Workflow Dispatch to reset Dev

.github/workflows/cicd.yml

@@ -2,6 +2,12 @@ name: CICD
 
 on:
   workflow_dispatch:
+    inputs:
+      reset-deployments:
+        description: "Reset deployment: Clean start"
+        required: false
+        default: false
+        type: boolean
   push:
     branches:
       - master
@@ -340,6 +346,7 @@ jobs:
       cancel-in-progress: false
     environment:
       name: ${{
+        github.event.inputs.reset-deployments == 'true' && 'dev' ||
         github.event_name == 'release' && 'prod' ||
         (github.event_name == 'push' && github.event.repository.default_branch == github.ref_name) && 'stage' ||
         'dev'
@@ -394,6 +401,36 @@ jobs:
         with:
           authkey: ${{ secrets.TAILSCALE_AUTHKEY }}
           version: ${{ env.TAILSCALE_VERSION }}
+      - name: Helmfile Destroy
+        if: github.event.inputs.reset-deployments == 'true'
+        uses: helmfile/helmfile-action@v1.9.0
+        with:
+          helmfile-args: |
+            destroy \
+              --environment dev
+          helm-plugins: |
+            https://github.com/databus23/helm-diff,
+            https://github.com/jkroepke/helm-secrets,
+            https://github.com/aslafy-z/helm-git
+          helmfile-version: ${{ env.HELMFILE_VERSION }}
+          helm-version: ${{ env.HELM_VERSION }}
+      - name: Delete Pods and PVCs
+        if: github.event.inputs.reset-deployments == 'true'
+        run: kubectl delete pods,pvc --all --namespace yoma-v3-dev
+      - name: Deploy fresh DBs
+        if: github.event.inputs.reset-deployments == 'true'
+        uses: helmfile/helmfile-action@v1.9.0
+        with:
+          helmfile-args: |
+            apply \
+              --environment dev \
+              --selector=app=postgresql-keycloak \
+              --selector=app=postgresql \
+              --selector=app=redis
+          helm-plugins: |
+            https://github.com/databus23/helm-diff,
+            https://github.com/jkroepke/helm-secrets,
+            https://github.com/aslafy-z/helm-git
       # Diff on PR draft, otherwise Apply
       - name: Helmfile Apply/Diff Keycloak
         if: (

helm/keycloak/values.yaml

@@ -151,8 +151,10 @@ keycloak:
 
   serviceAccount:
     create: true
-    allowReadPods: true
+    # This creates a ClusterRole and ClusterRolebinding which is not needed
+    allowReadPods: false
 
+  # This creates a Role and Rolebinding which makes the above ClusterRole and ClusterRolebinding redundant
   rbac:
     create: true
     rules:

helmfile.yaml

@@ -72,7 +72,7 @@ releases:
     namespace: {{ .Values.namespace }}
     # https://github.com/bitnami/charts/tree/main/bitnami/postgresql
     chart: oci://registry-1.docker.io/bitnamicharts/postgresql
-    version: "14.3.1"
+    version: "15.2.5"
     installed: {{ .Values.postgresEnabled }}
     set:
       - name: fullnameOverride
@@ -81,6 +81,8 @@ releases:
         value: keycloak
       - name: auth.database
         value: keycloak
+      - name: primary.resourcesPreset
+        value: medium
     secrets:
       - ./helm/postgresql-keycloak/conf/{{ .Environment.Name }}/secrets.yaml
 
@@ -90,7 +92,7 @@ releases:
     namespace: {{ .Values.namespace }}
     # https://github.com/bitnami/charts/tree/main/bitnami/postgresql
     chart: oci://registry-1.docker.io/bitnamicharts/postgresql
-    version: "14.3.1"
+    version: "15.2.5"
     installed: {{ .Values.postgresEnabled }}
     set:
       - name: fullnameOverride
@@ -99,6 +101,8 @@ releases:
         value: yoma
       - name: auth.database
         value: yoma-dev
+      - name: primary.resourcesPreset
+        value: medium
       # - name: primary.extendedConfiguration
       #   value: |
       #     log_statement = 'all'
@@ -110,8 +114,9 @@ releases:
     labels:
       app: redis
     namespace: {{ .Values.namespace }}
+    # https://github.com/bitnami/charts/tree/main/bitnami/redis
     chart: oci://registry-1.docker.io/bitnamicharts/redis
-    version: "19.1.0"
+    version: "19.1.3"
     installed: {{ .Values.redisEnabled }}
     values:
       - fullnameOverride: redis
@@ -176,7 +181,7 @@ releases:
       - ./helm/yoma-web/conf/{{ .Environment.Name }}/secrets.yaml
 ---
 helmDefaults:
-  timeout: 180
+  timeout: 300
   wait: true
   atomic: true
   cleanupOnFail: true