trying to get around SCL Postgres container limitations

quay · Oct 20, 2020 · 3f2059e · 3f2059e
1 parent 5e21bfc
commit 3f2059e
Show file tree

Hide file tree

Showing 14 changed files with 72 additions and 26 deletions.
diff --git a/controllers/quay/quayregistry_controller.go b/controllers/quay/quayregistry_controller.go
@@ -44,7 +44,7 @@ import (
 )
 
 const upgradePollInterval = time.Second * 10
-const upgradePollTimeout = time.Second * 120
+const upgradePollTimeout = time.Second * 360
 
 // QuayRegistryReconciler reconciles a QuayRegistry object
 type QuayRegistryReconciler struct {
@@ -217,6 +217,11 @@ func (r *QuayRegistryReconciler) Reconcile(req ctrl.Request) (ctrl.Result, error
 
 				return upgradeDeployment.Status.ReadyReplicas > 0, nil
 			})
+
+			if err != nil {
+				log.Error(err, "Quay upgrade deployment never reached ready phase")
+				// TODO(alecmerdler): Update `status` block with failure condition.
+			}
 		}(updatedQuay.DeepCopy())
 	}
 

diff --git a/kustomize/components/clair/clair.deployment.yaml b/kustomize/components/clair/clair.deployment.yaml
@@ -35,7 +35,10 @@ spec:
               name: config
             - mountPath: /var/run/certs
               name: certs
-          # TODO(alecmerdler): Define `readinessProbe` which waits until indexer/matcher services are ready.
+          readinessProbe:
+            httpGet:
+              path: /indexer/api/v1/index_state
+              port: 8080
       restartPolicy: Always
       volumes:
         - name: config

diff --git a/kustomize/components/clair/postgres.deployment.yaml b/kustomize/components/clair/postgres.deployment.yaml
@@ -20,7 +20,6 @@ spec:
             claimName: clair-postgres
       securityContext:
         fsGroup: 0
-        defaultMode: 0740
       containers:
         - name: postgres
           image: postgres:latest
@@ -32,9 +31,11 @@ spec:
             - name: POSTGRESQL_USER
               value: postgres
             - name: POSTGRESQL_DATABASE
-              value: clair
+              value: postgres
             - name: POSTGRESQL_PASSWORD
               value: postgres
+            - name: POSTGRESQL_ADMIN_PASSWORD
+              value: postgres
           volumeMounts:
             - name: postgres-data
               mountPath: /var/lib/pgsql/data
diff --git a/kustomize/components/postgres/create-extensions.sh b/kustomize/components/postgres/create-extensions.sh
@@ -1,5 +1,9 @@
 #!/bin/sh
 
-echo "attempting to install required pg_trgm extension"
-
-psql -d $POSTGRESQL_DATABASE -c 'CREATE EXTENSION pg_trgm;'
+while true; do
+  sleep 10
+  echo "attempting to create pg_trgm extension"
+  psql -d $POSTGRESQL_DATABASE -h $POSTGRESQL_DATABASE -U postgres -c 'CREATE EXTENSION pg_trgm;' || true
+  echo "succesfully created pg_trgm extension"
+  break
+done
diff --git a/kustomize/components/postgres/init.job.yaml b/kustomize/components/postgres/init.job.yaml
@@ -0,0 +1,35 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: quay-postgres-init
+spec:
+  template:
+    metadata:
+      name: quay-postgres-init
+    spec:
+      restartPolicy: Never
+      securityContext:
+        fsGroup: 0
+      volumes:
+        - name: postgres-bootstrap
+          secret:
+            secretName: postgres-bootstrap
+            defaultMode: 0777
+            items:
+              - key: create-extensions.sh
+                path: create-extensions.sh
+              - key: restore.sh
+                path: restore.sh
+      containers:
+        - name: quay-postgres-init
+          image: postgres:latest
+          command: 
+            - /opt/app-root/src/docker-entrypoint-initdb.d/create-extensions.sh
+          env: 
+            - name: POSTGRESQL_DATABASE
+              value: $(POSTGRES_DEPLOYMENT_NAME)
+            - name: PGPASSWORD
+              value: postgres
+          volumeMounts:
+            - name: postgres-bootstrap
+              mountPath: /opt/app-root/src/docker-entrypoint-initdb.d
diff --git a/kustomize/components/postgres/kustomization.yaml b/kustomize/components/postgres/kustomization.yaml
@@ -5,12 +5,11 @@ resources:
   - ./postgres.persistentvolumeclaim.yaml
   - ./postgres.deployment.yaml
   - ./postgres.service.yaml
+  - ./init.job.yaml
 generatorOptions:
   disableNameSuffixHash: true
 secretGenerator:
   - name: postgres-bootstrap
-    literals:
-      - create-extensions.sql=CREATE EXTENSION pg_trgm;
     files:
       - ./restore.sh
       - ./create-extensions.sh

diff --git a/kustomize/components/postgres/migrate.job.yaml b/kustomize/components/postgres/migrate.job.yaml
@@ -18,13 +18,15 @@ spec:
           image: postgres:latest
           env:
             - name: DB_URI
+              # FIXME(alecmerdler): Change value...
               value: postgresql://old-quay-database:old-quay-database@old-quay-postgresql/old-quay-database
           command:
             - "pg_dump" 
             - "$(DB_URI)" 
             - "--format"
             - "c" 
             - "--file" 
+            # FIXME(alecmerdler): Fix this for SCL Postgres container.
             - "/var/lib/postgresql/data/dump.sql"
           volumeMounts:
             - name: postgres-data

diff --git a/kustomize/components/postgres/postgres.deployment.yaml b/kustomize/components/postgres/postgres.deployment.yaml
@@ -18,30 +18,23 @@ spec:
         - name: postgres-data
           persistentVolumeClaim:
             claimName: quay-database
-        - name: postgres-bootstrap
-          secret:
-            secretName: postgres-bootstrap
-            items:
-              - key: create-extensions.sh
-                path: create-extensions.sh
-              - key: restore.sh
-                path: restore.sh
       securityContext:
         fsGroup: 0
-        # FIXME(alecmerdler): This is not being marshaled from octal correctly (probably due to our YAML library) and is turing into `420`
-        defaultMode: 0740
       containers:
         - name: postgres
           image: postgres:latest
           imagePullPolicy: IfNotPresent
           ports:
             - containerPort: 5432
               protocol: TCP
+          # TODO(alecmerdler): Readiness/liveliness probes which execute `psql` command to check if database is created.
           env:
             - name: POSTGRESQL_USER
               value: $(POSTGRES_DEPLOYMENT_NAME)
             - name: POSTGRESQL_DATABASE
               value: $(POSTGRES_DEPLOYMENT_NAME)
+            - name: POSTGRESQL_ADMIN_PASSWORD
+              value: postgres
             - name: POSTGRESQL_PASSWORD
               value: postgres
             - name: POSTGRESQL_SHARED_BUFFERS
@@ -51,5 +44,3 @@ spec:
           volumeMounts:
             - name: postgres-data
               mountPath: /var/lib/pgsql/data
-            - name: postgres-bootstrap
-              mountPath: /opt/app-root/src/postgresql-init
diff --git a/kustomize/components/postgres/restore.sh b/kustomize/components/postgres/restore.sh
@@ -1,6 +1,8 @@
 #!/bin/sh
 
-# NOTE: The Postgres container will not run this init script if `$PGDATA` is populated, so no need to have extra checks here to prevent re-restoring.
+# FIXME(alecmerdler): Ensure this only runs once...
+
+# FIXME(alecmerdler): This file path is wrong for SCL Postgres...
 RESTORE_FILE=/var/lib/postgresql/data/dump.sql
 
 if [ -f "$RESTORE_FILE" ]; then

diff --git a/kustomize/overlays/downstream/v3.4.0/kustomization.yaml b/kustomize/overlays/downstream/v3.4.0/kustomization.yaml
@@ -16,4 +16,4 @@ images:
     newName: registry.access.redhat.com/rhscl/redis-32-rhel7
   - name: postgres
     newName: registry.access.redhat.com/rhscl/postgresql-10-rhel7
-    newTag: 1-35
+    newTag: latest
diff --git a/kustomize/overlays/downstream/v3.4.0/upgrade/kustomization.yaml b/kustomize/overlays/downstream/v3.4.0/upgrade/kustomization.yaml
@@ -20,5 +20,4 @@ images:
     newName: registry.access.redhat.com/rhscl/redis-32-rhel7
   - name: postgres
     newName: registry.access.redhat.com/rhscl/postgresql-10-rhel7
-    newTag: 1-35
-  # FIXME(alecmerdler): Need to handle `redhat-pull-secret` (potentially with a `secretGenerator`?)...
+    newTag: latest
diff --git a/pkg/kustomize/kustomize.go b/pkg/kustomize/kustomize.go
@@ -13,6 +13,7 @@ import (
 	route "github.com/openshift/api/route/v1"
 	apps "k8s.io/api/apps/v1"
 	autoscaling "k8s.io/api/autoscaling/v2beta2"
+	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbac "k8s.io/api/rbac/v1beta1"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -97,6 +98,8 @@ func ModelFor(gvk schema.GroupVersionKind) k8sruntime.Object {
 		return &objectbucket.ObjectBucketClaim{}
 	case schema.GroupVersionKind{Group: "autoscaling", Version: "v2beta2", Kind: "HorizontalPodAutoscaler"}.String():
 		return &autoscaling.HorizontalPodAutoscaler{}
+	case schema.GroupVersionKind{Group: "batch", Version: "v1", Kind: "Job"}.String():
+		return &batchv1.Job{}
 	default:
 		panic(fmt.Sprintf("Missing model for GVK %s", gvk.String()))
 	}

diff --git a/pkg/kustomize/kustomize_test.go b/pkg/kustomize/kustomize_test.go
@@ -8,6 +8,7 @@ import (
 	objectbucket "github.com/kube-object-storage/lib-bucket-provisioner/pkg/apis/objectbucket.io/v1alpha1"
 	"github.com/stretchr/testify/assert"
 	appsv1 "k8s.io/api/apps/v1"
+	batchv1 "k8s.io/api/batch/v1"
 	corev1 "k8s.io/api/core/v1"
 	rbac "k8s.io/api/rbac/v1beta1"
 	"k8s.io/apimachinery/pkg/api/meta"
@@ -220,6 +221,7 @@ var quayComponents = map[string][]runtime.Object{
 		&appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-database"}},
 		&corev1.PersistentVolumeClaim{ObjectMeta: metav1.ObjectMeta{Name: "quay-database"}},
 		&corev1.Service{ObjectMeta: metav1.ObjectMeta{Name: "quay-database"}},
+		&batchv1.Job{ObjectMeta: metav1.ObjectMeta{Name: "quay-database-init"}},
 	},
 	"redis": {
 		&appsv1.Deployment{ObjectMeta: metav1.ObjectMeta{Name: "quay-redis"}},

diff --git a/pkg/kustomize/secrets.go b/pkg/kustomize/secrets.go
@@ -298,7 +298,7 @@ func componentConfigFilesFor(component string, quay *v1.QuayRegistry) (map[strin
 // clairConfigFor returns a Clair v4 config with the correct values.
 func clairConfigFor(quay *v1.QuayRegistry) []byte {
 	host := strings.Join([]string{quay.GetName(), "clair-postgres"}, "-")
-	dbname := "clair"
+	dbname := "postgres"
 	user := "postgres"
 	// FIXME(alecmerdler): Make this more secure...
 	password := "postgres"