Adds a working example for flux (#8)

Removes jobs for an initcontainer

flux/README.md

@@ -0,0 +1,11 @@
+# Flux
+
+
+## Introductie
+
+Flux is een gitops tool om automatisch de inhoud van een git repository te deployen op kubernetes.
+
+
+## Werking
+
+Flux heeft een repo nodig als bron. In ons geval is dat een `OCI` Helm repository

flux/oci.yaml

@@ -0,0 +1,45 @@
+apiVersion: source.toolkit.fluxcd.io/v1beta2
+kind: HelmRepository
+metadata:
+  name: oci-repo
+  namespace: zgw
+spec:
+  interval: 5m
+  type: oci
+  url: oci://ghcr.io/vng-realisatie
+  secretRef:
+    name: ghcr-auth
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: zgw
+  namespace: zgw-test
+spec:
+  interval: 5m
+  targetNamespace: zgw-test
+  releaseName: zgw-test
+  chart:
+    spec:
+      chart: ri-zgw-test
+      sourceRef:
+        kind: HelmRepository
+        name: oci-repo
+        namespace: zgw
+---
+apiVersion: helm.toolkit.fluxcd.io/v2beta1
+kind: HelmRelease
+metadata:
+  name: zgw
+  namespace: zgw
+spec:
+  interval: 5m
+  targetNamespace: zgw
+  releaseName: zgw
+  chart:
+    spec:
+      chart: ri-zgw
+      sourceRef:
+        kind: HelmRepository
+        name: oci-repo
+        namespace: zgw

flux/secret.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+SECRET_NAME="ghcr-auth"
+NAMESPACE="zgw"
+
+delete_secret() {
+  local secret_name=$1
+  local namespace=$2
+
+  existing_secret=$(kubectl get secret $secret_name -n $namespace --no-headers=true --ignore-not-found=true)
+
+  if [[ -n $existing_secret ]]; then
+    echo "Deleting secret $secret_name in ns $namespace."
+    kubectl delete secret $secret_name -n $namespace
+  else
+    echo "Secret $secret_name does not exist in ns $namespace. Nothing to do."
+  fi
+}
+
+create_secret() {
+  local secret_name=$1
+  local namespace=$2
+  local github_pat=$3
+
+  flux create secret oci $secret_name \
+    --namespace=$namespace \
+    --url=ghcr.io \
+    --username=flux \
+    --password=$github_pat
+}
+
+# Check if GITHUB_PAT is provided as an argument, otherwise fetch it from the environment
+if [[ -n $1 ]]; then
+  GITHUB_PAT=$1
+else
+  GITHUB_PAT=$GITHUB_PAT_ENV
+fi
+
+delete_secret $SECRET_NAME $NAMESPACE
+create_secret $SECRET_NAME $NAMESPACE $GITHUB_PAT

helm/ri-zgw/charts/ac/templates/deployment.yaml

@@ -21,6 +21,36 @@ spec:
         - name: wait-for-postgres
           image: busybox:1.31
           command: [ 'sh', '-c', 'echo -e "Checking for the availability of postgres deployment"; while ! nc -z postgres 5432; do sleep 1; printf "-"; done; echo -e "  >> POSTGRES has started";' ]
+        - name: {{ .Values.service.name }}-db-create
+          image: postgres:latest
+          command:
+            - bash
+            - -c
+            - |
+              if psql -lqt | cut -d \| -f 1 | grep -qw "$DB_NAME"; then
+                echo "Database '$DB_NAME' already exists"
+                exit 0
+              else
+                echo "Creating database '$DB_NAME'"
+                createdb $DB_NAME
+              fi
+          env:
+            - name: PGHOST
+              value: {{ .Values.global.postgres.service.host }}
+            - name: DB_NAME
+              value: {{ .Values.database.name }}
+            - name: PGPORT
+              value: {{.Values.global.postgres.service.port | quote }}
+            - name: PGUSER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgres.secretName }}
+                  key: {{ .Values.global.postgres.username_key }}
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgres.secretName }}
+                  key: {{ .Values.global.postgres.password_key }}
         - name: {{ .Values.service.name }}-init
           image: {{ .Values.service.images.imageRepo}}:{{ .Values.service.images.tag }}
           imagePullPolicy: {{ .Values.config.pullPolicy }}
@@ -98,6 +128,8 @@ spec:
           ports:
             - containerPort: {{ .Values.service.port }}
           env:
+            - name: AC_BASE_URL
+              value: {{ .Values.config.baseAddress }}
             - name: DJANGO_SETTINGS_MODULE
               value: {{.Values.service.name}}.conf.docker
             - name: ALLOWED_HOSTS

helm/ri-zgw/charts/ac/values.yaml

@@ -1,4 +1,5 @@
 config:
+  baseAddress: https://autorisaties-api.test.vng.cloud
   branch: ''
   env: test
   host: autorisaties-api.test.vng.cloud,localhost,ac,ac.zgw-test.svc.cluster.local

helm/ri-zgw/charts/brc/templates/deployment.yaml

@@ -21,6 +21,36 @@ spec:
         - name: wait-for-postgres
           image: busybox:1.31
           command: [ 'sh', '-c', 'echo -e "Checking for the availability of postgres deployment"; while ! nc -z postgres 5432; do sleep 1; printf "-"; done; echo -e "  >> POSTGRES has started";' ]
+        - name: {{ .Values.service.name }}-db-create
+          image: postgres:latest
+          command:
+            - bash
+            - -c
+            - |
+              if psql -lqt | cut -d \| -f 1 | grep -qw "$DB_NAME"; then
+                echo "Database '$DB_NAME' already exists"
+                exit 0
+              else
+                echo "Creating database '$DB_NAME'"
+                createdb $DB_NAME
+              fi
+          env:
+            - name: PGHOST
+              value: {{ .Values.global.postgres.service.host }}
+            - name: DB_NAME
+              value: {{ .Values.database.name }}
+            - name: PGPORT
+              value: {{.Values.global.postgres.service.port | quote }}
+            - name: PGUSER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgres.secretName }}
+                  key: {{ .Values.global.postgres.username_key }}
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgres.secretName }}
+                  key: {{ .Values.global.postgres.password_key }}
         - name: {{ .Values.service.name }}-init
           image: {{ .Values.service.images.imageRepo}}:{{ .Values.service.images.tag }}
           imagePullPolicy: {{ .Values.config.pullPolicy }}
@@ -98,6 +128,12 @@ spec:
           ports:
             - containerPort: {{ .Values.service.port }}
           env:
+            - name: BRC_BASE_URL
+              value: {{ .Values.config.baseAddress }}
+            - name: NOTIFICATIONS_DISABLED
+              value: {{ .Values.global.config.notificationsDisabled | quote }}
+            - name: REDIS_CACHE
+              value: {{ .Values.global.redis.name }}:{{ .Values.global.redis.service.port | quote }}
             - name: DJANGO_SETTINGS_MODULE
               value: {{.Values.service.name}}.conf.docker
             - name: ALLOWED_HOSTS

helm/ri-zgw/charts/brc/values.yaml

@@ -1,4 +1,5 @@
 config:
+  baseAddress: https://besluiten-api.test.vng.cloud
   env: test
   host: besluiten-api.test.vng.cloud,localhost,brc,brc.zgw-test.svc.cluster.local
   pullPolicy: Always

helm/ri-zgw/charts/drc/templates/deployment.yaml

@@ -21,6 +21,36 @@ spec:
         - name: wait-for-postgres
           image: busybox:1.31
           command: [ 'sh', '-c', 'echo -e "Checking for the availability of postgres deployment"; while ! nc -z postgres 5432; do sleep 1; printf "-"; done; echo -e "  >> POSTGRES has started";' ]
+        - name: {{ .Values.service.name }}-db-create
+          image: postgres:latest
+          command:
+            - bash
+            - -c
+            - |
+              if psql -lqt | cut -d \| -f 1 | grep -qw "$DB_NAME"; then
+                echo "Database '$DB_NAME' already exists"
+                exit 0
+              else
+                echo "Creating database '$DB_NAME'"
+                createdb $DB_NAME
+              fi
+          env:
+            - name: PGHOST
+              value: {{ .Values.global.postgres.service.host }}
+            - name: DB_NAME
+              value: {{ .Values.database.name }}
+            - name: PGPORT
+              value: {{.Values.global.postgres.service.port | quote }}
+            - name: PGUSER
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgres.secretName }}
+                  key: {{ .Values.global.postgres.username_key }}
+            - name: PGPASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: {{ .Values.global.postgres.secretName }}
+                  key: {{ .Values.global.postgres.password_key }}
         - name: {{ .Values.service.name }}-init
           image: {{ .Values.service.images.imageRepo}}:{{ .Values.service.images.tag }}
           imagePullPolicy: {{ .Values.config.pullPolicy }}
@@ -98,10 +128,14 @@ spec:
           ports:
             - containerPort: {{ .Values.service.port }}
           env:
+            - name: DRC_BASE_URL
+              value: {{ .Values.config.baseAddress }}
+            - name: REDIS_CACHE
+              value: {{ .Values.global.redis.name }}:{{ .Values.global.redis.service.port | quote }}
             - name: DJANGO_SETTINGS_MODULE
               value: {{.Values.service.name}}.conf.docker
             - name: NOTIFICATIONS_DISABLED
-              value: "true"
+              value: {{ .Values.global.config.notificationsDisabled | quote }}
             - name: ALLOWED_HOSTS
               value: {{ .Values.config.host }}
             - name: DB_NAME

helm/ri-zgw/charts/drc/values.yaml

@@ -1,4 +1,5 @@
 config:
+  baseAddress: https://documenten-api.test.vng.cloud
   env: test
   host: documenten-api.test.vng.cloud,localhost,drc,drc.zgw-test.svc.cluster.local
   pullPolicy: Always