👷(helm) command createsuperuser

We need a superuser in the Django application, to have access to the admin part. This commit create a superuser on the pods.
2024-06-19 10:39:18 +02:00
parent 9a7a8e4a34
commit 3c481e75bb
6 changed files with 151 additions and 13 deletions
--- a/bin/Tiltfile
+++ b/bin/Tiltfile
@@ -56,16 +56,3 @@ cmd_button('Migrate db',
           icon_name='developer_board',
           text='Run database migration',
 )
-
-pod_add_admin = '''
-set -eu
-# get k8s pod name from tilt resource name
-POD_NAME="$(tilt get kubernetesdiscovery desk-backend -ojsonpath='{.status.pods[0].name}')"
-kubectl -n desk exec "$POD_NAME" -- python manage.py createsuperuser --password admin --admin_email admin@example.com
-'''
-cmd_button('Add admin',
-           argv=['sh', '-c', pod_add_admin],
-           resource='desk-backend',
-           icon_name='developer_board',
-           text='Create superadmin',
-)
--- a/src/helm/desk/templates/backend_job_createsuperuser.yaml
+++ b/src/helm/desk/templates/backend_job_createsuperuser.yaml
@@ -0,0 +1,121 @@
+{{- $envVars := include "desk.common.env" (list . .Values.backend) -}}
+{{- $fullName := include "desk.backend.fullname" . -}}
+{{- $component := "backend" -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ $fullName }}-createsuperuser
+  namespace: {{ .Release.Namespace | quote }}
+  {{- with .Values.backend.migrateJobAnnotations }}
+  annotations:
+    {{- toYaml . | nindent 4 }}
+  {{- end }}
+  labels:
+    {{- include "desk.common.labels" (list . $component) | nindent 4 }}
+spec:
+  template:
+    metadata:
+      annotations:
+        {{- with .Values.backend.podAnnotations }}
+        {{- toYaml . | nindent 8 }}
+        {{- end }}
+      labels:
+        {{- include "desk.common.selectorLabels" (list . $component) | nindent 8 }}
+    spec:
+      {{- if $.Values.image.credentials }}
+      imagePullSecrets:
+        - name: {{ include "desk.secret.dockerconfigjson.name" (dict "fullname" (include "desk.fullname" .) "imageCredentials" $.Values.image.credentials) }}
+      {{- end}}
+      shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }}
+      containers:
+        {{- with .Values.backend.sidecars }}
+          {{- toYaml . | nindent 8 }}
+        {{- end }}
+        - name: {{ .Chart.Name }}
+          image: "{{ (.Values.backend.image | default dict).repository | default .Values.image.repository }}:{{ (.Values.backend.image | default dict).tag | default .Values.image.tag }}"
+          imagePullPolicy: {{ (.Values.backend.image | default dict).pullPolicy | default .Values.image.pullPolicy }}
+          {{- with .Values.backend.createsuperuser.command }}
+          command:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.backend.args }}
+          args:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          env:
+            {{- if $envVars}}
+            {{- $envVars | indent 12 }}
+            {{- end }}
+          {{- with .Values.backend.securityContext }}
+          securityContext:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          {{- with .Values.backend.resources }}
+          resources:
+            {{- toYaml . | nindent 12 }}
+          {{- end }}
+          volumeMounts:
+            {{- range $index, $value := .Values.mountFiles }}
+            - name: "files-{{ $index }}"
+              mountPath: {{ $value.path }}
+              subPath: content
+            {{- end }}
+            {{- range $name, $volume := .Values.backend.persistence }}
+            - name: "{{ $name }}"
+              mountPath: "{{ $volume.mountPath }}"
+            {{- end }}
+            {{- range .Values.backend.extraVolumeMounts }}
+            - name: {{ .name }}
+              mountPath: {{ .mountPath }}
+              subPath: {{ .subPath | default "" }}
+              readOnly: {{ .readOnly }}
+            {{- end }}
+      {{- with .Values.backend.nodeSelector }}
+      nodeSelector:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.backend.affinity }}
+      affinity:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      {{- with .Values.backend.tolerations }}
+      tolerations:
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
+      restartPolicy: {{ .Values.backend.createsuperuser.restartPolicy }}
+      volumes:
+        {{- range $index, $value := .Values.mountFiles }}
+        - name: "files-{{ $index }}"
+          configMap:
+            name: "{{ include "desk.fullname" $ }}-files-{{ $index }}"
+        {{- end }}
+        {{- range $name, $volume := .Values.backend.persistence }}
+        - name: "{{ $name }}"
+          {{- if eq $volume.type "emptyDir" }}
+          emptyDir: {}
+          {{- else }}
+          persistentVolumeClaim:
+            claimName: "{{ $fullName }}-{{ $name }}"
+          {{- end }}
+        {{- end }}
+        {{- range .Values.backend.extraVolumes }}
+        - name: {{ .name }}
+          {{- if .existingClaim }}
+          persistentVolumeClaim:
+            claimName: {{ .existingClaim }}
+          {{- else if .hostPath }}
+          hostPath:
+            {{ toYaml .hostPath | nindent 12 }}
+          {{- else if .csi }}
+          csi:
+            {{- toYaml .csi | nindent 12 }}
+          {{- else if .configMap }}
+          configMap:
+            {{- toYaml .configMap | nindent 12 }}
+          {{- else if .emptyDir }}
+          emptyDir:
+            {{- toYaml .emptyDir | nindent 12 }}
+          {{- else }}
+          emptyDir: {}
+          {{- end }}
+        {{- end }}
--- a/src/helm/env.d/dev/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl
@@ -57,6 +57,13 @@ backend:
    - "people.wsgi:application"
    - "--reload"

+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - python manage.py createsuperuser --admin_email admin@example.com --password admin
+    restartPolicy: Never
+
 frontend:
  envVars:
    PORT: 8080
--- a/src/helm/env.d/preprod/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/preprod/values.desk.yaml.gotmpl
@@ -16,6 +16,10 @@ backend:
        name: backend
        key: DJANGO_SECRET_KEY
    DJANGO_SETTINGS_MODULE: people.settings
+    DJANGO_SUPERUSER_EMAIL:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_EMAIL
    DJANGO_SUPERUSER_PASSWORD:
      secretKeyRef:
        name: backend
@@ -81,6 +85,13 @@ backend:
        name: redis.redis.libre.sh
        key: url

+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - python manage.py createsuperuser --admin_email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
+    restartPolicy: Never
+
 frontend:
  image:
    repository: lasuite/people-frontend
--- a/src/helm/env.d/staging/values.desk.yaml.gotmpl
+++ b/src/helm/env.d/staging/values.desk.yaml.gotmpl
@@ -16,6 +16,10 @@ backend:
        name: backend
        key: DJANGO_SECRET_KEY
    DJANGO_SETTINGS_MODULE: people.settings
+    DJANGO_SUPERUSER_EMAIL:
+      secretKeyRef:
+        name: backend
+        key: DJANGO_SUPERUSER_EMAIL
    DJANGO_SUPERUSER_PASSWORD:
      secretKeyRef:
        name: backend
@@ -81,6 +85,13 @@ backend:
        name: redis.redis.libre.sh
        key: url

+  createsuperuser:
+    command:
+      - "/bin/sh"
+      - "-c"
+      - python manage.py createsuperuser --admin_email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD
+    restartPolicy: Never
+
 frontend:
  image:
    repository: lasuite/people-frontend
--- a/src/helm/extra/templates/secrets.yaml
+++ b/src/helm/extra/templates/secrets.yaml
@@ -4,6 +4,7 @@ metadata:
  name: backend
  namespace: {{ .Release.Namespace | quote }}
 stringData:
+  DJANGO_SUPERUSER_EMAIL: {{ .Values.djangoSuperUserEmail }}
  DJANGO_SUPERUSER_PASSWORD: {{ .Values.djangoSuperUserPass }}
  DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }}
  OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}