studio/docs
Archived
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

👷(helm) command createsuperuser

Browse Source 
We sometimes need a superuser in the Django
application, to fix eventual db issues.
This commit adds a superuser on the pods.
This commit is contained in:
Anthony LC
2024-05-13 09:39:33 +02:00
committed by Anthony LC
parent f0b3090a73
commit f0a4de361e
5 changed files with 168 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
bin/Tiltfile
View File

@@ -66,16 +66,3 @@ cmd_button('Migrate db',
icon_name='developer_board',
text='Run database migration',
)
pod_add_admin = '''
set -eu
# get k8s pod name from tilt resource name
POD_NAME="$(tilt get kubernetesdiscovery impress-backend -ojsonpath='{.status.pods[0].name}')"
kubectl -n impress exec "$POD_NAME" -- python manage.py createsuperuser --email admin@example.com --password admin
'''
cmd_button('Add admin',
argv=['sh', '-c', pod_add_admin],
resource='impress-backend',
icon_name='developer_board',
text='Create superadmin',
)

8
src/helm/env.d/dev/values.impress.yaml.gotmpl
View File

@@ -47,6 +47,14 @@ backend:
python manage.py create_demo --force
restartPolicy: Never
createsuperuser:
command:
- "/bin/sh"
- "-c"
- |
python manage.py createsuperuser --email admin@example.com --password admin
restartPolicy: Never
frontend:
envVars:
PORT: 8080

62
src/helm/env.d/staging/secrets.enc.yaml
View File

@@ -1,8 +1,8 @@
djangoSuperUserPass: ENC[AES256_GCM,data:SI+D1Zw=,iv:8qgW0GurOmIj0rK96uwe7Fd8vy/qL/lXPUacbI6fEbc=,tag:c8pUxk8dJB2PwdkT/v+SQA==,type:str]
djangoSecretKey: ENC[AES256_GCM,data:Huwvo8hDmaN/gA08ZunK8QpDzAUfMUG7Bay8t6R0j3Ft9xbJDj+wUN3OvRg96BEQzJU=,iv:EIhRr9vfPiUl1/BYu+EdnURyw6GRwA9snfua/YHl2wc=,tag:5Jg0WcTznIQRLsNzLZdtpw==,type:str]
djangoSuperUserPass: ENC[AES256_GCM,data:Ej4rSd73dYxRJ1jU9A==,iv:pj4+e3TneNw6kkQA0U6HOUlnJBfAzNSBoBBDLmxIJe4=,tag:GdEwF6/UHhH6gj+nEDmreA==,type:str]
djangoSecretKey: ENC[AES256_GCM,data:gW2ajtgZwPf+se4K0f2SyVW2tSl2bxKLn5EC5SNX5f/QZOZkop7s959GG/eeADkgwRE=,iv:CbcuCgl/Nadrfxy0gkDIMJ6dmx95BoQHn43iLxrmSDg=,tag:a3z8ilda0q4cA+EtxFb/tA==,type:str]
oidc:
clientId: ENC[AES256_GCM,data:dbyq0iIRNo+iGVrX9DGsMrr0bdlsi1Z9RVz61bWxJPg0GGlB,iv:imP0uutbiDg4uWc6zIoGghEtPkXSPdeaywEOjkvqO+0=,tag:pCEp9ev7kokwzBpI7qKzEA==,type:str]
clientSecret: ENC[AES256_GCM,data:HjZC/GXyMn/UoMMs3C4xjL+B+UTyC4BtEfreiqKIWoOPdVyHJHOlytIl7QF+uO+bW0CNoNwcDceLdvYfXnK80A==,iv:p/BQZYdyCPeGpo/x1ydM25Ac5/dnb674Ai5uqdWvtJ4=,tag:yXS2StcxP4QZ+X7V0tT5Uw==,type:str]
clientId: ENC[AES256_GCM,data:ptPBMb4Zcp1Wk4HqNebVsgvaBD2twGuaCy3BNsxYguZaUygk,iv:dBbTRe/RpDKLsKwQj008D8M7Usu28DI/c6eumaP+fb8=,tag:tPO+NjzNg4j7q1urkVtK6w==,type:str]
clientSecret: ENC[AES256_GCM,data:vSrRLcV2cFKuTbUr3o837SubtNm8uYNMVc/0ZD3AG0OzvD4uVOSNRzfvfK68X0VOeUSw8PFddFVwmVGTe5XauQ==,iv:2DlSDHpdq/PtDL3D+0WoZuA/tfKigZdzrQTLibdaaQQ=,tag:kNz7QNHaF2Fb32ZvV7QlFQ==,type:str]
sops:
kms: []
gcp_kms: []
@@ -12,50 +12,50 @@ sops:
- recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ2t2elFRbGhoY2JaRmox
R3NvM2VBeC9sNXdxN3hnRDZuK1VZdlhqRmo4CjhaWUw5QUR3a3pzTTY5eHc4dkdW
LzM4WlUzalJHem9EQ3pnUCt1R2pSM2sKLS0tIGZ0dTNuSCt5WXZlYWtUYjB4V1Uw
aTU5eGJqRWRVL2tvRDk5ZWpyVzRQeFEKfw+U98UZZNFDnn7MuSK2Wv1KOEIRfCM6
AfFjC+9HlAyUR+iyjeqqRgrO6VHDq92AvZyP5rmMPGZDWfepwTau+Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Smh0VnlDZHlVMEUvTGVY
aFFOVXpsSVZTcWk5N1pOMWFlQ3FFT2RiVkdNCjYraHhMY2FvU3AydTVhS3l3NGxx
VWx3WGFEOVYyT0NkMFZKd2hSQUNOSFkKLS0tIDB4eXJLTDd2ZS91b0YxejV4QkJ4
c2kyU254cUtZZEhkZUY5RGN4a2V3WVUKl3/j8mv0as9Q6TXJrMIU5ctyQzxD5YwP
MByw6rRAx5teDgQNG3U+85ru1k4oxWvOqF0DyZWWko1O8iCqdXhsOA==
-----END AGE ENCRYPTED FILE-----
- recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV3VIVVNNaWtsWDZKbTk3
Qk9UL3Y3Szd1UStRZnFETnJGSjdCTEtaSW5jCnFiRnJ4Wk8xOE1Qa3VhdUZ3a0tK
TEpMUWNuQTVGSmY4eitEZ2FZYVQ5Qm8KLS0tIG8rSGloc0dzcnJDSzhRNWpsVm5X
OWprL2RHTWJ5STNyK0MwMXN3L0JOVzAKaW+9RDM+YTUpSF3sUV3q+TIrr3ZI216g
olxkNup9Jy6jbK1YVxdzay6lTR+Brg+2bqPDCZx9jIyKQP3m78UERQ==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTEIxRGdyRVNmbW1WRVRw
NWd2ZG00ZWVDeDA0bk11UUI2Y25FZldMTDNnCnc3VnZEVE1rdjc4VnZpeTZTNmM0
UEplT3hrUGFCT0lIQUROY1g3U2JKZ28KLS0tIEhwZlZxNm1aaFljK2p6NFJDNkIz
cS9vVjdsV3J0b0V1YS85T0NHK3ZpdUEK8FErAEUY9gL7zo3khxkOtY4dQOIum8uv
zo3q0k5fN0lCzEOMf3JtNEcUWfVeiEbOXfYCN5/GvItrahLM14VDsA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WG8wM2NXY2hlOE1CU3hz
bnh5dTRZL2NuQWszSkxnV0xwcXhuN3ZRcERRCkJzeE5naTdYaWdodzNsSVMrZncw
YXdqLzFLNVU0SVZXNmREcHpvdkhNWXcKLS0tIDVWb2lMK3hZU0dMcUhUbGVDNWsx
dnhMa0pEM3ZQQ1pQMUFuNnhnMWtrcTQK+wU3EUIGWXC6vao1I4lOWWuE6XoLIAkK
4edHmywzHmDbHNDWDdROw7jc/DMR3zTrvzyY69i8/RaIbfJL+Scx/Q==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSkRja3JFV0MrZjA1bDRG
MUY5TEI4SVgzQzFPUUs5ZExqTUlJN0ZYMEhVCnNxekthSEcxWnVPZ3NiTFJQMGxm
ZUlMN3NTTTMvMkNwSFM4aTlERFhVRnMKLS0tIFBObjlDbzkyVWcwcXFOSkwvUW1w
eGxFanpjNUUrR1BXV3BTTU9NdXNhZDAKZdNWLBukO8Bw+JFbEsPJqJzQuIgeXf2c
gWXX5K5Kq23YfBYJT0PjF9iR0k8JyB9gNpdkiYy6ohqhFkMIySFs7w==
-----END AGE ENCRYPTED FILE-----
- recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdHgzVXl2QzJqazR2MzhP
VHRiY1Zvdi9VRlBFWnF4T1grbm5LU0Vic0JNClR1VTlJVklSVDVCVTNDNmxhZUt2
V1pUYjBNMjNQZWRJUDcycDcrSGx6OEUKLS0tIHFxRjk5Vm85OElVeE5lNzE1eGxG
aHo1M2pkQ05ub0laWCsyNWV6enMzOUUKKHDZ16fxx/6wfOeTtga/iDxP5zKdaCAL
OxZilGmf6OCfLv7BJ3+BWeILXFHYK1BiXxkH60h0BxRP59GBIEtpLA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0T3BZWlJtTkhjVHVzTGo5
ZTJUTlZoalI1RUI2cDBSbUd3UGxwKzFCeDBjCmdQVTVQU0c3MHB6OVBydENIbE9P
RTMzditXT1A5VHNpdmFDWkRQMmdETjgKLS0tIFJyc0ZoL2ZXS2hYb0ZNcFl2TjZV
NVhrT0M1NFpKODlUZDNTNW5QdkdtaFUKnj6wNku3j6l8hCWhZHV6rq+4LNE4FYdv
xIm1og9vuvL6CSQGRkmLY0ZgEVlhSZ20wxDG+hvernlF/u17XEDdqg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSERVbmxJaXloSW5DR0pT
V2pGUFp4TkJkUi9VYkIwTDI4bWUrc2FVcUNFCnA5LytWOWRiRWVPT1VNSDAzdU9m
dkM2NlgvRHhRWkE0Ujc5RFMrMnAwYW8KLS0tIEN5dWtqdW55QXFUL0VmREN6RjVP
S2p2T1llNnlveGZ5NG1ic2lGSWdndFEK151lp8jV15LxXwva6rYJkNtBnJSb4DPc
I2IJTkMF4pw8Z/zuDvDcHx5J6XDUycpjxEZtVmu84dclpPAf+tw8AA==
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZk96VlVNK2ZKK0RLUnVY
NVdpKzUyODl5SXpxbTBrUDYyd2o2b21pc0Q0CnVUWmlGa2c4T011U3VVcW9hOEc4
azNJTEpzZ0g0U2FuN3V4allyaG1YdDAKLS0tIGhHYWJkOFhCczB4V01mbjNZcGtm
Yk01dXJybWJOSnR1c28wMjVsRk40MDQKr6q2Qbb5Qi8PKUJ3DRVCDfUMKXDb68nK
QyWEBL4YsZco1rnPtX7xtzKiut15RBx63dG1C7NsiqFg5tD56N3NjA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-23T09:52:58Z"
mac: ENC[AES256_GCM,data:ZoUXKuLe8AkrZojEmTQslLw9YuQI+cxHa17jDyic0ahqzQ9zrECpWFphFlisaUyNtp1L1ALH1SrNwO6Q7vqnLYKEGcjv0BIZDQvpfmTNrpFYG/shE9GzGq0UvRcjS6zdgjG9BxdLkb/5ke9AB7lUdGv2ztLD8SEQqHIbBAc4UCQ=,iv:j3X70vSidHqDIfxKnenFk5Tcs5V5yBOuLyioZcjiH4w=,tag:lgPX2WZXqZ8493Lwzv2rBg==,type:str]
lastmodified: "2024-05-08T10:44:25Z"
mac: ENC[AES256_GCM,data:bcS2cFxaclYLgJ1o5qxpemhXQNZzrsMs/Z1mfbBRsnvdOEa3aWehmN9JGgdVIjNdpdAxB/MX5DIViCDuqeuxg/EfzajEhB5k9a1H7pWLctb7dDAwq1Rla/FiuwISauNFoEQC1da8L34vVErLYHMyST5TI0gd8PB9WS2Lac6wnXU=,iv:5qlh8iGjA/qH/4R5bL5sx91CemDHGddc0D88DrDLXoo=,tag:5R26MV0ohoJ/0N3M7bMQzg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

8
src/helm/env.d/staging/values.impress.yaml.gotmpl
View File

@@ -80,6 +80,14 @@ backend:
name: redis.redis.libre.sh
key: url
createsuperuser:
command:
- "/bin/sh"
- "-c"
- |
python manage.py createsuperuser --email admin@staging.com --password {{ .Values.djangoSuperUserPass }}
restartPolicy: Never
frontend:
image:
repository: lasuite/impress-frontend

121
src/helm/impress/templates/backend_job_createsuperuser.yaml Normal file
View File

@@ -0,0 +1,121 @@
{{- $envVars := include "impress.common.env" (list . .Values.backend) -}}
{{- $fullName := include "impress.backend.fullname" . -}}
{{- $component := "backend" -}}
apiVersion: batch/v1
kind: Job
metadata:
name: {{ $fullName }}-createsuperuser
namespace: {{ .Release.Namespace | quote }}
{{- with .Values.backend.migrateJobAnnotations }}
annotations:
{{- toYaml . | nindent 4 }}
{{- end }}
labels:
{{- include "impress.common.labels" (list . $component) | nindent 4 }}
spec:
template:
metadata:
annotations:
{{- with .Values.backend.podAnnotations }}
{{- toYaml . | nindent 8 }}
{{- end }}
labels:
{{- include "impress.common.selectorLabels" (list . $component) | nindent 8 }}
spec:
{{- if $.Values.image.credentials }}
imagePullSecrets:
- name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }}
{{- end}}
shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }}
containers:
{{- with .Values.backend.sidecars }}
{{- toYaml . | nindent 8 }}
{{- end }}
- name: {{ .Chart.Name }}
image: "{{ (.Values.backend.image | default dict).repository | default .Values.image.repository }}:{{ (.Values.backend.image | default dict).tag | default .Values.image.tag }}"
imagePullPolicy: {{ (.Values.backend.image | default dict).pullPolicy | default .Values.image.pullPolicy }}
{{- with .Values.backend.createsuperuser.command }}
command:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.backend.args }}
args:
{{- toYaml . | nindent 12 }}
{{- end }}
env:
{{- if $envVars}}
{{- $envVars | indent 12 }}
{{- end }}
{{- with .Values.backend.securityContext }}
securityContext:
{{- toYaml . | nindent 12 }}
{{- end }}
{{- with .Values.backend.resources }}
resources:
{{- toYaml . | nindent 12 }}
{{- end }}
volumeMounts:
{{- range $index, $value := .Values.mountFiles }}
- name: "files-{{ $index }}"
mountPath: {{ $value.path }}
subPath: content
{{- end }}
{{- range $name, $volume := .Values.backend.persistence }}
- name: "{{ $name }}"
mountPath: "{{ $volume.mountPath }}"
{{- end }}
{{- range .Values.backend.extraVolumeMounts }}
- name: {{ .name }}
mountPath: {{ .mountPath }}
subPath: {{ .subPath | default "" }}
readOnly: {{ .readOnly }}
{{- end }}
{{- with .Values.backend.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.backend.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
restartPolicy: {{ .Values.backend.createsuperuser.restartPolicy }}
volumes:
{{- range $index, $value := .Values.mountFiles }}
- name: "files-{{ $index }}"
configMap:
name: "{{ include "impress.fullname" $ }}-files-{{ $index }}"
{{- end }}
{{- range $name, $volume := .Values.backend.persistence }}
- name: "{{ $name }}"
{{- if eq $volume.type "emptyDir" }}
emptyDir: {}
{{- else }}
persistentVolumeClaim:
claimName: "{{ $fullName }}-{{ $name }}"
{{- end }}
{{- end }}
{{- range .Values.backend.extraVolumes }}
- name: {{ .name }}
{{- if .existingClaim }}
persistentVolumeClaim:
claimName: {{ .existingClaim }}
{{- else if .hostPath }}
hostPath:
{{ toYaml .hostPath | nindent 12 }}
{{- else if .csi }}
csi:
{{- toYaml .csi | nindent 12 }}
{{- else if .configMap }}
configMap:
{{- toYaml .configMap | nindent 12 }}
{{- else if .emptyDir }}
emptyDir:
{{- toYaml .emptyDir | nindent 12 }}
{{- else }}
emptyDir: {}
{{- end }}
{{- end }}