From 3c481e75bb837232cbc976c4be8bddff71599d32 Mon Sep 17 00:00:00 2001 From: Anthony LC Date: Wed, 19 Jun 2024 10:39:18 +0200 Subject: [PATCH] =?UTF-8?q?=F0=9F=91=B7(helm)=20command=20createsuperuser?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We need a superuser in the Django application, to have access to the admin part. This commit create a superuser on the pods. --- bin/Tiltfile | 13 -- .../backend_job_createsuperuser.yaml | 121 ++++++++++++++++++ src/helm/env.d/dev/values.desk.yaml.gotmpl | 7 + .../env.d/preprod/values.desk.yaml.gotmpl | 11 ++ .../env.d/staging/values.desk.yaml.gotmpl | 11 ++ src/helm/extra/templates/secrets.yaml | 1 + 6 files changed, 151 insertions(+), 13 deletions(-) create mode 100644 src/helm/desk/templates/backend_job_createsuperuser.yaml diff --git a/bin/Tiltfile b/bin/Tiltfile index a3beba2..0f62e3c 100644 --- a/bin/Tiltfile +++ b/bin/Tiltfile @@ -56,16 +56,3 @@ cmd_button('Migrate db', icon_name='developer_board', text='Run database migration', ) - -pod_add_admin = ''' -set -eu -# get k8s pod name from tilt resource name -POD_NAME="$(tilt get kubernetesdiscovery desk-backend -ojsonpath='{.status.pods[0].name}')" -kubectl -n desk exec "$POD_NAME" -- python manage.py createsuperuser --password admin --admin_email admin@example.com -''' -cmd_button('Add admin', - argv=['sh', '-c', pod_add_admin], - resource='desk-backend', - icon_name='developer_board', - text='Create superadmin', -) diff --git a/src/helm/desk/templates/backend_job_createsuperuser.yaml b/src/helm/desk/templates/backend_job_createsuperuser.yaml new file mode 100644 index 0000000..17fe656 --- /dev/null +++ b/src/helm/desk/templates/backend_job_createsuperuser.yaml @@ -0,0 +1,121 @@ +{{- $envVars := include "desk.common.env" (list . .Values.backend) -}} +{{- $fullName := include "desk.backend.fullname" . -}} +{{- $component := "backend" -}} +apiVersion: batch/v1 +kind: Job +metadata: + name: {{ $fullName }}-createsuperuser + namespace: {{ .Release.Namespace | quote }} + {{- with .Values.backend.migrateJobAnnotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} + labels: + {{- include "desk.common.labels" (list . $component) | nindent 4 }} +spec: + template: + metadata: + annotations: + {{- with .Values.backend.podAnnotations }} + {{- toYaml . | nindent 8 }} + {{- end }} + labels: + {{- include "desk.common.selectorLabels" (list . $component) | nindent 8 }} + spec: + {{- if $.Values.image.credentials }} + imagePullSecrets: + - name: {{ include "desk.secret.dockerconfigjson.name" (dict "fullname" (include "desk.fullname" .) "imageCredentials" $.Values.image.credentials) }} + {{- end}} + shareProcessNamespace: {{ .Values.backend.shareProcessNamespace }} + containers: + {{- with .Values.backend.sidecars }} + {{- toYaml . | nindent 8 }} + {{- end }} + - name: {{ .Chart.Name }} + image: "{{ (.Values.backend.image | default dict).repository | default .Values.image.repository }}:{{ (.Values.backend.image | default dict).tag | default .Values.image.tag }}" + imagePullPolicy: {{ (.Values.backend.image | default dict).pullPolicy | default .Values.image.pullPolicy }} + {{- with .Values.backend.createsuperuser.command }} + command: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.backend.args }} + args: + {{- toYaml . | nindent 12 }} + {{- end }} + env: + {{- if $envVars}} + {{- $envVars | indent 12 }} + {{- end }} + {{- with .Values.backend.securityContext }} + securityContext: + {{- toYaml . | nindent 12 }} + {{- end }} + {{- with .Values.backend.resources }} + resources: + {{- toYaml . | nindent 12 }} + {{- end }} + volumeMounts: + {{- range $index, $value := .Values.mountFiles }} + - name: "files-{{ $index }}" + mountPath: {{ $value.path }} + subPath: content + {{- end }} + {{- range $name, $volume := .Values.backend.persistence }} + - name: "{{ $name }}" + mountPath: "{{ $volume.mountPath }}" + {{- end }} + {{- range .Values.backend.extraVolumeMounts }} + - name: {{ .name }} + mountPath: {{ .mountPath }} + subPath: {{ .subPath | default "" }} + readOnly: {{ .readOnly }} + {{- end }} + {{- with .Values.backend.nodeSelector }} + nodeSelector: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.backend.affinity }} + affinity: + {{- toYaml . | nindent 8 }} + {{- end }} + {{- with .Values.backend.tolerations }} + tolerations: + {{- toYaml . | nindent 8 }} + {{- end }} + restartPolicy: {{ .Values.backend.createsuperuser.restartPolicy }} + volumes: + {{- range $index, $value := .Values.mountFiles }} + - name: "files-{{ $index }}" + configMap: + name: "{{ include "desk.fullname" $ }}-files-{{ $index }}" + {{- end }} + {{- range $name, $volume := .Values.backend.persistence }} + - name: "{{ $name }}" + {{- if eq $volume.type "emptyDir" }} + emptyDir: {} + {{- else }} + persistentVolumeClaim: + claimName: "{{ $fullName }}-{{ $name }}" + {{- end }} + {{- end }} + {{- range .Values.backend.extraVolumes }} + - name: {{ .name }} + {{- if .existingClaim }} + persistentVolumeClaim: + claimName: {{ .existingClaim }} + {{- else if .hostPath }} + hostPath: + {{ toYaml .hostPath | nindent 12 }} + {{- else if .csi }} + csi: + {{- toYaml .csi | nindent 12 }} + {{- else if .configMap }} + configMap: + {{- toYaml .configMap | nindent 12 }} + {{- else if .emptyDir }} + emptyDir: + {{- toYaml .emptyDir | nindent 12 }} + {{- else }} + emptyDir: {} + {{- end }} + {{- end }} diff --git a/src/helm/env.d/dev/values.desk.yaml.gotmpl b/src/helm/env.d/dev/values.desk.yaml.gotmpl index 6977b4b..d834e7a 100644 --- a/src/helm/env.d/dev/values.desk.yaml.gotmpl +++ b/src/helm/env.d/dev/values.desk.yaml.gotmpl @@ -57,6 +57,13 @@ backend: - "people.wsgi:application" - "--reload" + createsuperuser: + command: + - "/bin/sh" + - "-c" + - python manage.py createsuperuser --admin_email admin@example.com --password admin + restartPolicy: Never + frontend: envVars: PORT: 8080 diff --git a/src/helm/env.d/preprod/values.desk.yaml.gotmpl b/src/helm/env.d/preprod/values.desk.yaml.gotmpl index c671bf8..dc12e1e 100644 --- a/src/helm/env.d/preprod/values.desk.yaml.gotmpl +++ b/src/helm/env.d/preprod/values.desk.yaml.gotmpl @@ -16,6 +16,10 @@ backend: name: backend key: DJANGO_SECRET_KEY DJANGO_SETTINGS_MODULE: people.settings + DJANGO_SUPERUSER_EMAIL: + secretKeyRef: + name: backend + key: DJANGO_SUPERUSER_EMAIL DJANGO_SUPERUSER_PASSWORD: secretKeyRef: name: backend @@ -81,6 +85,13 @@ backend: name: redis.redis.libre.sh key: url + createsuperuser: + command: + - "/bin/sh" + - "-c" + - python manage.py createsuperuser --admin_email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD + restartPolicy: Never + frontend: image: repository: lasuite/people-frontend diff --git a/src/helm/env.d/staging/values.desk.yaml.gotmpl b/src/helm/env.d/staging/values.desk.yaml.gotmpl index 1944df2..31b5894 100644 --- a/src/helm/env.d/staging/values.desk.yaml.gotmpl +++ b/src/helm/env.d/staging/values.desk.yaml.gotmpl @@ -16,6 +16,10 @@ backend: name: backend key: DJANGO_SECRET_KEY DJANGO_SETTINGS_MODULE: people.settings + DJANGO_SUPERUSER_EMAIL: + secretKeyRef: + name: backend + key: DJANGO_SUPERUSER_EMAIL DJANGO_SUPERUSER_PASSWORD: secretKeyRef: name: backend @@ -81,6 +85,13 @@ backend: name: redis.redis.libre.sh key: url + createsuperuser: + command: + - "/bin/sh" + - "-c" + - python manage.py createsuperuser --admin_email $DJANGO_SUPERUSER_EMAIL --password $DJANGO_SUPERUSER_PASSWORD + restartPolicy: Never + frontend: image: repository: lasuite/people-frontend diff --git a/src/helm/extra/templates/secrets.yaml b/src/helm/extra/templates/secrets.yaml index 799bafe..269f34c 100644 --- a/src/helm/extra/templates/secrets.yaml +++ b/src/helm/extra/templates/secrets.yaml @@ -4,6 +4,7 @@ metadata: name: backend namespace: {{ .Release.Namespace | quote }} stringData: + DJANGO_SUPERUSER_EMAIL: {{ .Values.djangoSuperUserEmail }} DJANGO_SUPERUSER_PASSWORD: {{ .Values.djangoSuperUserPass }} DJANGO_SECRET_KEY: {{ .Values.djangoSecretKey }} OIDC_RP_CLIENT_ID: {{ .Values.oidc.clientId }}