swh: POC using envsubst instead of echo to perform env substitution in the init-container
A side effect of the echo command is that it removes some quotes that can be needed:
Given that:
grep -A1 accounts config-template.yaml 19:40:54
accounts:
"0":
The echo result is:
bash -c 'eval echo "\"$(<config-template.yaml)\""' | grep -A1 accounts 19:40:16
accounts:
0:
the envsubst:
cat config-template.yaml| envsubst | grep -A1 accounts 19:40:19
accounts:
"0":
If the poc result is positive we could migrate this in a dedicated image and refactor all the configuration init containers
Related to swh/infra/sysadm-environment#5175 (closed)
helm diff
swh/helm-diff.sh 19:43:24
[swh] Comparing changes between branches production and envsubst-poc (per environment)...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
Switched to branch 'envsubst-poc'
[swh] Generate config in envsubst-poc branch for environment staging...
[swh] Generate config in envsubst-poc branch for environment staging...
[swh] Generate config in envsubst-poc branch for environment staging...
Switched to branch 'production'
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
Switched to branch 'envsubst-poc'
[swh] Generate config in envsubst-poc branch for environment production...
[swh] Generate config in envsubst-poc branch for environment production...
[swh] Generate config in envsubst-poc branch for environment production...
------------- diff for environment staging namespace swh -------------
--- /tmp/swh-chart.swh.SmawkgiZ/staging-swh.before 2023-11-28 19:43:31.621457588 +0100
+++ /tmp/swh-chart.swh.SmawkgiZ/staging-swh.after 2023-11-28 19:43:32.081459085 +0100
@@ -13660,55 +13660,56 @@
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: storage
annotations:
checksum/config: 8f088db9c5dbc10095a481e58ad8ec0752846e9da2e8d0ccbce5ad0a3f3b85fb
checksum/config-utils: 95e3ec2d5d9a9195227631abff0736a8d94bcbcc795abf56981a586844da0c79
+ checksum/config-utils: c24db93f3d92c66eb70137540c435bc000312553147d35d4cf8b93e4fc25f8b8
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/storage
operator: In
values:
- "true"
priorityClassName: swh-frontend-rpc
initContainers:
- name: prepare-configuration
image: debian:bullseye
imagePullPolicy: IfNotPresent
command:
- - /bin/bash
- args:
- - -c
- - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ - /entrypoints/prepare-configuration.sh
env:
- name: POSTGRESQL_PASSWORD
valueFrom:
secretKeyRef:
name: swh-postgresql-common-secret
key: postgres-swh-password
# 'name' secret must exist & include that ^ key
optional: false
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: configuration-template
mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
containers:
- name: storage
resources:
requests:
memory: 1500Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/storage:20231127.1
imagePullPolicy: IfNotPresent
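Review bot: The added `/entrypoints/prepare-configuration.sh` command should not run a bare `envsubst`. The script body is not part of this diff, but the description's example (`cat config-template.yaml| envsubst`) passes no SHELL-FORMAT argument, so every `$NAME` or `${NAME}` in the template is replaced, and a placeholder that is mistyped or not declared under `env:` silently becomes an empty string. For a value such as `POSTGRESQL_PASSWORD` that would leave an empty credential in `/etc/swh/config.yml` while the init container still exits 0. I would pass an explicit variable list (for example `envsubst '${POSTGRESQL_PASSWORD}'`, or a list built from the container's environment) and have the script exit non-zero if the rendered file still contains `${`. The same applies to the prepare-configuration hunks for staging swh-cassandra, staging swh-cassandra-next-version and production swh-cassandra.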
@@ -13769,20 +13770,24 @@
- name: configuration-template
configMap:
name: storage-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: database-utils
configMap:
name: database-utils
defaultMode: 0555
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
---
# Source: swh/templates/toolbox/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: swh-toolbox
namespace: swh
labels:
app: swh-toolbox
spec:
------------- diff for environment staging namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.SmawkgiZ/staging-swh-cassandra.before 2023-11-28 19:43:31.781458109 +0100
+++ /tmp/swh-chart.swh.SmawkgiZ/staging-swh-cassandra.after 2023-11-28 19:43:32.293459776 +0100
@@ -11791,55 +11791,56 @@
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: storage
annotations:
checksum/config: 74608f339a88516dcf9b3d26b060ab6a34a88d5bdb261ac705b366ac7bf52f69
checksum/config-utils: 885f4088d8181fabbd02e146f85462caced4878849cda6c1aea2f6b5ebc6e4e2
+ checksum/config-utils: db91a4b0d54e4f28b8e8463e4709ee237402ba26fbcc30049b099fc694ee9305
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/storage
operator: In
values:
- "true"
priorityClassName: swh-cassandra-frontend-rpc
initContainers:
- name: prepare-configuration
image: debian:bullseye
imagePullPolicy: IfNotPresent
command:
- - /bin/bash
- args:
- - -c
- - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ - /entrypoints/prepare-configuration.sh
env:
- name: CASSANDRA_PASSWORD
valueFrom:
secretKeyRef:
name: common-secrets
key: cassandra-swh-rw-password
# 'name' secret must exist & include that ^ key
optional: false
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: configuration-template
mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
- name: init-database
image: container-registry.softwareheritage.org/swh/infra/swh-apps/storage:20231127.1
imagePullPolicy: IfNotPresent
command:
- /usr/local/bin/python3
args:
- /entrypoints/init-keyspace.py
volumeMounts:
- name: configuration
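Review bot: prepare-configuration still runs on the floating `debian:bullseye` tag although the added command now depends on a tool inside that image, whereas init-database just below uses the dated image `container-registry.softwareheritage.org/swh/infra/swh-apps/storage:20231127.1`. As far as I know the stock Debian image does not ship `envsubst` (package gettext-base), so the script would either install it at every pod start, which is a network fetch inside a container that holds `CASSANDRA_PASSWORD`, or fail; the script is not shown here, so this needs confirming. The dedicated image mentioned in the description, built with gettext-base and referenced by a fixed tag or digest, would remove both concerns. The same image line appears in the other three prepare-configuration hunks. The init-database container's definition continues outside this hunk.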
@@ -11913,20 +11914,24 @@
- name: configuration-template
configMap:
name: storage-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: database-utils
configMap:
name: database-utils
defaultMode: 0555
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
---
# Source: swh/templates/toolbox/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: swh-toolbox
namespace: swh-cassandra
labels:
app: swh-toolbox
spec:
------------- diff for environment staging namespace swh-cassandra-next-version -------------
--- /tmp/swh-chart.swh.SmawkgiZ/staging-swh-cassandra-next-version.before 2023-11-28 19:43:31.917458551 +0100
+++ /tmp/swh-chart.swh.SmawkgiZ/staging-swh-cassandra-next-version.after 2023-11-28 19:43:32.453460296 +0100
@@ -10495,55 +10495,56 @@
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: storage
annotations:
checksum/config: eb77f5507bea433c87d5dd9120d3b3940ba1865f8ce868f955887c431c7ee068
checksum/config-utils: 908f9182febd57f799c59c25abdfbd7cfd832e1f1edc150c536d5f8087dd9486
+ checksum/config-utils: 36669bec3ad402c3d46b17c5ca0496d954d19221adf9672bb407070401e65f09
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/storage
operator: In
values:
- "true"
priorityClassName: swh-cassandra-next-version-frontend-rpc
initContainers:
- name: prepare-configuration
image: debian:bullseye
imagePullPolicy: IfNotPresent
command:
- - /bin/bash
- args:
- - -c
- - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ - /entrypoints/prepare-configuration.sh
env:
- name: CASSANDRA_PASSWORD
valueFrom:
secretKeyRef:
name: common-secrets
key: cassandra-swh-rw-password
# 'name' secret must exist & include that ^ key
optional: false
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: configuration-template
mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
- name: init-database
image: container-registry.softwareheritage.org/swh/infra/swh-apps/storage:20231127.1
imagePullPolicy: IfNotPresent
command:
- /usr/local/bin/python3
args:
- /entrypoints/init-keyspace.py
volumeMounts:
- name: configuration
@@ -10617,20 +10618,24 @@
- name: configuration-template
configMap:
name: storage-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: database-utils
configMap:
name: database-utils
defaultMode: 0555
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
---
# Source: swh/templates/vault/rpc-deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
namespace: swh-cassandra-next-version
name: vault-rpc
labels:
app: vault-rpc
spec:
------------- diff for environment production namespace swh -------------
No differences
------------- diff for environment production namespace swh-cassandra -------------
--- /tmp/swh-chart.swh.SmawkgiZ/production-swh-cassandra.before 2023-11-28 19:43:32.749461260 +0100
+++ /tmp/swh-chart.swh.SmawkgiZ/production-swh-cassandra.after 2023-11-28 19:43:33.069462301 +0100
@@ -3812,40 +3812,38 @@
type: RollingUpdate
rollingUpdate:
maxSurge: 1
template:
metadata:
labels:
app: storage
annotations:
checksum/config: 32f574de98a04f13bff82cfc00420edc29a9421753f4b1063b992333a67b5800
checksum/config-utils: 885f4088d8181fabbd02e146f85462caced4878849cda6c1aea2f6b5ebc6e4e2
+ checksum/config-utils: db91a4b0d54e4f28b8e8463e4709ee237402ba26fbcc30049b099fc694ee9305
spec:
affinity:
nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: swh/storage
operator: In
values:
- "true"
priorityClassName: swh-cassandra-frontend-rpc
initContainers:
- name: prepare-configuration
image: debian:bullseye
imagePullPolicy: IfNotPresent
command:
- - /bin/bash
- args:
- - -c
- - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+ - /entrypoints/prepare-configuration.sh
env:
- name: ACCOUNT_NAME_0
valueFrom:
secretKeyRef:
name: swh-cassandra-objstorage-config
key: 0_account_name
# 'name' secret must exist & include that ^ key
optional: false
@@ -4071,20 +4069,23 @@
secretKeyRef:
name: common-secrets
key: cassandra-swh-rw-password
# 'name' secret must exist & include that ^ key
optional: false
volumeMounts:
- name: configuration
mountPath: /etc/swh
- name: configuration-template
mountPath: /etc/swh/configuration-template
+ - name: config-utils
+ mountPath: /entrypoints
+ readOnly: true
containers:
- name: storage
resources:
requests:
memory: 500Mi
cpu: 500m
image: container-registry.softwareheritage.org/swh/infra/swh-apps/storage:20231127.1
imagePullPolicy: IfNotPresent
@@ -4139,20 +4140,24 @@
- name: configuration-template
configMap:
name: storage-configuration-template
items:
- key: "config.yml.template"
path: "config.yml.template"
- name: database-utils
configMap:
name: database-utils
defaultMode: 0555
+ - name: config-utils
+ configMap:
+ name: config-utils
+ defaultMode: 0555
---
# Source: swh/templates/toolbox/deployment.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: swh-toolbox
namespace: swh-cassandra
labels:
app: swh-toolbox
spec:
Edited by Vincent Sellier