diff --git a/bin/Tiltfile b/bin/Tiltfile index 5361e2d8..28436689 100644 --- a/bin/Tiltfile +++ b/bin/Tiltfile @@ -66,16 +66,3 @@ cmd_button('Migrate db', icon_name='developer_board', text='Run database migration', ) - -pod_add_admin = ''' -set -eu -# get k8s pod name from tilt resource name -POD_NAME="$(tilt get kubernetesdiscovery impress-backend -ojsonpath='{.status.pods[0].name}')" -kubectl -n impress exec "$POD_NAME" -- python manage.py createsuperuser --email admin@example.com --password admin -''' -cmd_button('Add admin', - argv=['sh', '-c', pod_add_admin], - resource='impress-backend', - icon_name='developer_board', - text='Create superadmin', -) diff --git a/src/helm/env.d/dev/values.impress.yaml.gotmpl b/src/helm/env.d/dev/values.impress.yaml.gotmpl index 7e711043..81f5b6b6 100644 --- a/src/helm/env.d/dev/values.impress.yaml.gotmpl +++ b/src/helm/env.d/dev/values.impress.yaml.gotmpl @@ -47,6 +47,14 @@ backend: python manage.py create_demo --force restartPolicy: Never + createsuperuser: + command: + - "/bin/sh" + - "-c" + - | + python manage.py createsuperuser --email admin@example.com --password admin + restartPolicy: Never + frontend: envVars: PORT: 8080 diff --git a/src/helm/env.d/staging/secrets.enc.yaml b/src/helm/env.d/staging/secrets.enc.yaml index afc1c216..ae0c612c 100644 --- a/src/helm/env.d/staging/secrets.enc.yaml +++ b/src/helm/env.d/staging/secrets.enc.yaml @@ -1,8 +1,8 @@ -djangoSuperUserPass: ENC[AES256_GCM,data:SI+D1Zw=,iv:8qgW0GurOmIj0rK96uwe7Fd8vy/qL/lXPUacbI6fEbc=,tag:c8pUxk8dJB2PwdkT/v+SQA==,type:str] -djangoSecretKey: ENC[AES256_GCM,data:Huwvo8hDmaN/gA08ZunK8QpDzAUfMUG7Bay8t6R0j3Ft9xbJDj+wUN3OvRg96BEQzJU=,iv:EIhRr9vfPiUl1/BYu+EdnURyw6GRwA9snfua/YHl2wc=,tag:5Jg0WcTznIQRLsNzLZdtpw==,type:str] +djangoSuperUserPass: ENC[AES256_GCM,data:Ej4rSd73dYxRJ1jU9A==,iv:pj4+e3TneNw6kkQA0U6HOUlnJBfAzNSBoBBDLmxIJe4=,tag:GdEwF6/UHhH6gj+nEDmreA==,type:str] +djangoSecretKey: ENC[AES256_GCM,data:gW2ajtgZwPf+se4K0f2SyVW2tSl2bxKLn5EC5SNX5f/QZOZkop7s959GG/eeADkgwRE=,iv:CbcuCgl/Nadrfxy0gkDIMJ6dmx95BoQHn43iLxrmSDg=,tag:a3z8ilda0q4cA+EtxFb/tA==,type:str] oidc: - clientId: ENC[AES256_GCM,data:dbyq0iIRNo+iGVrX9DGsMrr0bdlsi1Z9RVz61bWxJPg0GGlB,iv:imP0uutbiDg4uWc6zIoGghEtPkXSPdeaywEOjkvqO+0=,tag:pCEp9ev7kokwzBpI7qKzEA==,type:str] - clientSecret: ENC[AES256_GCM,data:HjZC/GXyMn/UoMMs3C4xjL+B+UTyC4BtEfreiqKIWoOPdVyHJHOlytIl7QF+uO+bW0CNoNwcDceLdvYfXnK80A==,iv:p/BQZYdyCPeGpo/x1ydM25Ac5/dnb674Ai5uqdWvtJ4=,tag:yXS2StcxP4QZ+X7V0tT5Uw==,type:str] + clientId: ENC[AES256_GCM,data:ptPBMb4Zcp1Wk4HqNebVsgvaBD2twGuaCy3BNsxYguZaUygk,iv:dBbTRe/RpDKLsKwQj008D8M7Usu28DI/c6eumaP+fb8=,tag:tPO+NjzNg4j7q1urkVtK6w==,type:str] + clientSecret: ENC[AES256_GCM,data:vSrRLcV2cFKuTbUr3o837SubtNm8uYNMVc/0ZD3AG0OzvD4uVOSNRzfvfK68X0VOeUSw8PFddFVwmVGTe5XauQ==,iv:2DlSDHpdq/PtDL3D+0WoZuA/tfKigZdzrQTLibdaaQQ=,tag:kNz7QNHaF2Fb32ZvV7QlFQ==,type:str] sops: kms: [] gcp_kms: [] @@ -12,50 +12,50 @@ sops: - recipient: age15fyxdwmg5mvldtqqus87xspuws2u0cpvwheehrtvkexj4tnsqqysw6re2x enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZ2t2elFRbGhoY2JaRmox - R3NvM2VBeC9sNXdxN3hnRDZuK1VZdlhqRmo4CjhaWUw5QUR3a3pzTTY5eHc4dkdW - LzM4WlUzalJHem9EQ3pnUCt1R2pSM2sKLS0tIGZ0dTNuSCt5WXZlYWtUYjB4V1Uw - aTU5eGJqRWRVL2tvRDk5ZWpyVzRQeFEKfw+U98UZZNFDnn7MuSK2Wv1KOEIRfCM6 - AfFjC+9HlAyUR+iyjeqqRgrO6VHDq92AvZyP5rmMPGZDWfepwTau+Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3Smh0VnlDZHlVMEUvTGVY + aFFOVXpsSVZTcWk5N1pOMWFlQ3FFT2RiVkdNCjYraHhMY2FvU3AydTVhS3l3NGxx + VWx3WGFEOVYyT0NkMFZKd2hSQUNOSFkKLS0tIDB4eXJLTDd2ZS91b0YxejV4QkJ4 + c2kyU254cUtZZEhkZUY5RGN4a2V3WVUKl3/j8mv0as9Q6TXJrMIU5ctyQzxD5YwP + MByw6rRAx5teDgQNG3U+85ru1k4oxWvOqF0DyZWWko1O8iCqdXhsOA== -----END AGE ENCRYPTED FILE----- - recipient: age16hnlml8yv4ynwy0seer57g8qww075crd0g7nsundz3pj4wk7m3vqftszg7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYV3VIVVNNaWtsWDZKbTk3 - Qk9UL3Y3Szd1UStRZnFETnJGSjdCTEtaSW5jCnFiRnJ4Wk8xOE1Qa3VhdUZ3a0tK - TEpMUWNuQTVGSmY4eitEZ2FZYVQ5Qm8KLS0tIG8rSGloc0dzcnJDSzhRNWpsVm5X - OWprL2RHTWJ5STNyK0MwMXN3L0JOVzAKaW+9RDM+YTUpSF3sUV3q+TIrr3ZI216g - olxkNup9Jy6jbK1YVxdzay6lTR+Brg+2bqPDCZx9jIyKQP3m78UERQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBkTEIxRGdyRVNmbW1WRVRw + NWd2ZG00ZWVDeDA0bk11UUI2Y25FZldMTDNnCnc3VnZEVE1rdjc4VnZpeTZTNmM0 + UEplT3hrUGFCT0lIQUROY1g3U2JKZ28KLS0tIEhwZlZxNm1aaFljK2p6NFJDNkIz + cS9vVjdsV3J0b0V1YS85T0NHK3ZpdUEK8FErAEUY9gL7zo3khxkOtY4dQOIum8uv + zo3q0k5fN0lCzEOMf3JtNEcUWfVeiEbOXfYCN5/GvItrahLM14VDsA== -----END AGE ENCRYPTED FILE----- - recipient: age1plkp8td6zzfcavjusmsfrlk54t9vn8jjxm8zaz7cmnr7kzl2nfnsd54hwg enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6WG8wM2NXY2hlOE1CU3hz - bnh5dTRZL2NuQWszSkxnV0xwcXhuN3ZRcERRCkJzeE5naTdYaWdodzNsSVMrZncw - YXdqLzFLNVU0SVZXNmREcHpvdkhNWXcKLS0tIDVWb2lMK3hZU0dMcUhUbGVDNWsx - dnhMa0pEM3ZQQ1pQMUFuNnhnMWtrcTQK+wU3EUIGWXC6vao1I4lOWWuE6XoLIAkK - 4edHmywzHmDbHNDWDdROw7jc/DMR3zTrvzyY69i8/RaIbfJL+Scx/Q== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBYSkRja3JFV0MrZjA1bDRG + MUY5TEI4SVgzQzFPUUs5ZExqTUlJN0ZYMEhVCnNxekthSEcxWnVPZ3NiTFJQMGxm + ZUlMN3NTTTMvMkNwSFM4aTlERFhVRnMKLS0tIFBObjlDbzkyVWcwcXFOSkwvUW1w + eGxFanpjNUUrR1BXV3BTTU9NdXNhZDAKZdNWLBukO8Bw+JFbEsPJqJzQuIgeXf2c + gWXX5K5Kq23YfBYJT0PjF9iR0k8JyB9gNpdkiYy6ohqhFkMIySFs7w== -----END AGE ENCRYPTED FILE----- - recipient: age12g6f5fse25tgrwweleh4jls3qs52hey2edh759smulwmk5lnzadslu2cp3 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDdHgzVXl2QzJqazR2MzhP - VHRiY1Zvdi9VRlBFWnF4T1grbm5LU0Vic0JNClR1VTlJVklSVDVCVTNDNmxhZUt2 - V1pUYjBNMjNQZWRJUDcycDcrSGx6OEUKLS0tIHFxRjk5Vm85OElVeE5lNzE1eGxG - aHo1M2pkQ05ub0laWCsyNWV6enMzOUUKKHDZ16fxx/6wfOeTtga/iDxP5zKdaCAL - OxZilGmf6OCfLv7BJ3+BWeILXFHYK1BiXxkH60h0BxRP59GBIEtpLA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0T3BZWlJtTkhjVHVzTGo5 + ZTJUTlZoalI1RUI2cDBSbUd3UGxwKzFCeDBjCmdQVTVQU0c3MHB6OVBydENIbE9P + RTMzditXT1A5VHNpdmFDWkRQMmdETjgKLS0tIFJyc0ZoL2ZXS2hYb0ZNcFl2TjZV + NVhrT0M1NFpKODlUZDNTNW5QdkdtaFUKnj6wNku3j6l8hCWhZHV6rq+4LNE4FYdv + xIm1og9vuvL6CSQGRkmLY0ZgEVlhSZ20wxDG+hvernlF/u17XEDdqg== -----END AGE ENCRYPTED FILE----- - recipient: age1qy04neuzwpasmvljqrcvhwnf0kz5cpyteze38c8avp0czewskasszv9pyw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBrSERVbmxJaXloSW5DR0pT - V2pGUFp4TkJkUi9VYkIwTDI4bWUrc2FVcUNFCnA5LytWOWRiRWVPT1VNSDAzdU9m - dkM2NlgvRHhRWkE0Ujc5RFMrMnAwYW8KLS0tIEN5dWtqdW55QXFUL0VmREN6RjVP - S2p2T1llNnlveGZ5NG1ic2lGSWdndFEK151lp8jV15LxXwva6rYJkNtBnJSb4DPc - I2IJTkMF4pw8Z/zuDvDcHx5J6XDUycpjxEZtVmu84dclpPAf+tw8AA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZZk96VlVNK2ZKK0RLUnVY + NVdpKzUyODl5SXpxbTBrUDYyd2o2b21pc0Q0CnVUWmlGa2c4T011U3VVcW9hOEc4 + azNJTEpzZ0g0U2FuN3V4allyaG1YdDAKLS0tIGhHYWJkOFhCczB4V01mbjNZcGtm + Yk01dXJybWJOSnR1c28wMjVsRk40MDQKr6q2Qbb5Qi8PKUJ3DRVCDfUMKXDb68nK + QyWEBL4YsZco1rnPtX7xtzKiut15RBx63dG1C7NsiqFg5tD56N3NjA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-04-23T09:52:58Z" - mac: ENC[AES256_GCM,data:ZoUXKuLe8AkrZojEmTQslLw9YuQI+cxHa17jDyic0ahqzQ9zrECpWFphFlisaUyNtp1L1ALH1SrNwO6Q7vqnLYKEGcjv0BIZDQvpfmTNrpFYG/shE9GzGq0UvRcjS6zdgjG9BxdLkb/5ke9AB7lUdGv2ztLD8SEQqHIbBAc4UCQ=,iv:j3X70vSidHqDIfxKnenFk5Tcs5V5yBOuLyioZcjiH4w=,tag:lgPX2WZXqZ8493Lwzv2rBg==,type:str] + lastmodified: "2024-05-08T10:44:25Z" + mac: ENC[AES256_GCM,data:bcS2cFxaclYLgJ1o5qxpemhXQNZzrsMs/Z1mfbBRsnvdOEa3aWehmN9JGgdVIjNdpdAxB/MX5DIViCDuqeuxg/EfzajEhB5k9a1H7pWLctb7dDAwq1Rla/FiuwISauNFoEQC1da8L34vVErLYHMyST5TI0gd8PB9WS2Lac6wnXU=,iv:5qlh8iGjA/qH/4R5bL5sx91CemDHGddc0D88DrDLXoo=,tag:5R26MV0ohoJ/0N3M7bMQzg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 diff --git a/src/helm/env.d/staging/values.impress.yaml.gotmpl b/src/helm/env.d/staging/values.impress.yaml.gotmpl index b0b08cc8..346e6972 100644 --- a/src/helm/env.d/staging/values.impress.yaml.gotmpl +++ b/src/helm/env.d/staging/values.impress.yaml.gotmpl @@ -80,6 +80,14 @@ backend: name: redis.redis.libre.sh key: url + createsuperuser: + command: + - "/bin/sh" + - "-c" + - | + python manage.py createsuperuser --email admin@staging.com --password {{ .Values.djangoSuperUserPass }} + restartPolicy: Never + frontend: image: repository: lasuite/impress-frontend diff --git a/src/helm/impress/templates/backend_job_createsuperuser.yaml b/src/helm/impress/templates/backend_job_createsuperuser.yaml new file mode 100644 index 00000000..c6b6949b --- /dev/null +++ b/src/helm/impress/templates/backend_job_createsuperuser.yaml @@ -0,0 +1,121 @@ +{{- $envVars := include "impress.common.env" (list . .Values.backend) -}} +{{- $fullName := include "impress.backend.fullname" . -}} +{{- $component := "backend" -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $fullName }}-createsuperuser + namespace: {{ .Release.Namespace | quote }} + {{- with .Values.backend.migrateJobAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "impress.common.labels" (list . $component) | nindent 4 }} +spec: + template: + metadata: + annotations: + {{- with .Values.backend.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "impress.common.selectorLabels" (list . $component) | nindent 8 }} + spec: + {{- if $.Values.image.credentials }} + imagePullSecrets: + - name: {{ include "impress.secret.dockerconfigjson.name" (dict "fullname" (include "impress.fullname" .) "imageCredentials" $.Values.image.credentials) }} + {{- end}} + shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }} + containers: + {{- with .Values.backend.sidecars }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: {{ .Chart.Name }} + image: "{{ (.Values.backend.image | default dict).repository | default .Values.image.repository }}:{{ (.Values.backend.image | default dict).tag | default .Values.image.tag }}" + imagePullPolicy: {{ (.Values.backend.image | default dict).pullPolicy | default .Values.image.pullPolicy }} + {{- with .Values.backend.createsuperuser.command }} + command: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.backend.args }} + args: + {{- toYaml . | nindent 12 }} + {{- end }} + env: + {{- if $envVars}} + {{- $envVars | indent 12 }} + {{- end }} + {{- with .Values.backend.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.backend.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- range $index, $value := .Values.mountFiles }} + - name: "files-{{ $index }}" + mountPath: {{ $value.path }} + subPath: content + {{- end }} + {{- range $name, $volume := .Values.backend.persistence }} + - name: "{{ $name }}" + mountPath: "{{ $volume.mountPath }}" + {{- end }} + {{- range .Values.backend.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- with .Values.backend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.backend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.backend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: {{ .Values.backend.createsuperuser.restartPolicy }} + volumes: + {{- range $index, $value := .Values.mountFiles }} + - name: "files-{{ $index }}" + configMap: + name: "{{ include "impress.fullname" $ }}-files-{{ $index }}" + {{- end }} + {{- range $name, $volume := .Values.backend.persistence }} + - name: "{{ $name }}" + {{- if eq $volume.type "emptyDir" }} + emptyDir: {} + {{- else }} + persistentVolumeClaim: + claimName: "{{ $fullName }}-{{ $name }}" + {{- end }} + {{- end }} + {{- range .Values.backend.extraVolumes }} + - name: {{ .name }} + {{- if .existingClaim }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + {{ toYaml .hostPath | nindent 12 }} + {{- else if .csi }} + csi: + {{- toYaml .csi | nindent 12 }} + {{- else if .configMap }} + configMap: + {{- toYaml .configMap | nindent 12 }} + {{- else if .emptyDir }} + emptyDir: + {{- toYaml .emptyDir | nindent 12 }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }}