From 80d13fb045bd5aca342316a2a6fb0a7a7e697ef1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alessandro=20Pezz=C3=A8?=
Date: Sun, 30 May 2021 22:03:11 +0200
Subject: [PATCH] feat: add graphql secret/incorporate job in kustomize
---
 .github/workflows/kustomize.yml | 6 +---
 .gitignore | 2 +-
 .../deployments/graphql-deployment.yaml | 13 +++++--
 .../k8s/kustomize/jobs/load-graphql.yaml | 34 +++++++++++++++++++
 Resources/k8s/kustomize/jobs/load-graphql.yml | 18 ----------
 Resources/k8s/kustomize/kustomization.yaml | 6 +++-
 .../k8s/kustomize/secrets/graphql.env.sample | 1 +
 7 files changed, 53 insertions(+), 27 deletions(-)
 create mode 100644 Resources/k8s/kustomize/jobs/load-graphql.yaml
 delete mode 100644 Resources/k8s/kustomize/jobs/load-graphql.yml
 create mode 100644 Resources/k8s/kustomize/secrets/graphql.env.sample
diff --git a/.github/workflows/kustomize.yml b/.github/workflows/kustomize.yml
index 1c4b0f20..75fc2503 100644
--- a/.github/workflows/kustomize.yml
+++ b/.github/workflows/kustomize.yml
@@ -18,13 +18,10 @@ jobs:
 uses: helm/kind-action@v1.1.0
 with:
 version: v0.11.1
- # - name: Setup tmate session
- # uses: mxschmitt/action-tmate@v3
- # with:
- # limit-access-to-actor: true
 - name: K8s Apply
 run: |
 cp Resources/k8s/kustomize/secrets/postgres.env.sample Resources/k8s/kustomize/secrets/postgres.env
+ cp Resources/k8s/kustomize/secrets/graphql.env.sample Resources/k8s/kustomize/secrets/graphql.env
 make kustomize-apply
 kubectl proxy &
 bash Resources/scripts/wait.sh http://localhost:8001/api/v1/namespaces/pokeapi/services/pokeapi/proxy/api/v2/
@@ -38,7 +35,6 @@ jobs:
 bash Resources/scripts/wait.sh http://localhost:8001/api/v1/namespaces/pokeapi/services/pokeapi/proxy/api/v2/pal-park-area/5/
 - name: K8s Apply
 run: |
- kubectl apply -f Resources/k8s/kustomize/jobs/load-graphql.yml
 kubectl wait --timeout=120s --for=condition=complete job/load-graphql
 last_command=$(kubectl get job -o jsonpath='{.status.succeeded}' load-graphql)
 test "$last_command" -eq 1
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 005a535f..c8e6e201 100755
--- a/.gitignore
+++ b/.gitignore
@@ -7,6 +7,6 @@ db.*
 venv*
 node_modules
 .vscode
-.env
+*.env
 Resources/nginx/ssl/*
 !Resources/nginx/ssl/*.sample.*
\ No newline at end of file
diff --git a/Resources/k8s/kustomize/deployments/graphql-deployment.yaml b/Resources/k8s/kustomize/deployments/graphql-deployment.yaml
index fb86b7cb..05977cbc 100644
--- a/Resources/k8s/kustomize/deployments/graphql-deployment.yaml
+++ b/Resources/k8s/kustomize/deployments/graphql-deployment.yaml
@@ -14,6 +14,12 @@ spec:
 labels:
 component: graphql
 spec:
+ initContainers:
+ - name: pokeapi-connection-checker
+ image: curlimages/curl:latest
+ command: ['sh', '-c',
+ 'until curl -f -s --output /dev/null http://pokeapi:80/api/v2/;
+ do echo waiting for pokeapi; sleep 2; done;']
 containers:
 - name: graphql-engine
 image: hasura/graphql-engine:v2.0.0-alpha.5
@@ -25,6 +31,11 @@ spec:
 secretKeyRef:
 name: postgres-env-secret
 key: POSTGRES_PASSWORD
+ - name: HASURA_GRAPHQL_ADMIN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: graphql-env-secret
+ key: HASURA_GRAPHQL_ADMIN_SECRET
 - name: HASURA_GRAPHQL_DATABASE_URL
 value: postgres://ash:$(POSTGRES_PASSWORD)@postgresql:5432/pokeapi
 - name: HASURA_GRAPHQL_ENABLE_CONSOLE
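Review bot: The init container added in the `@@ -14,6 +14,12 @@` hunk of graphql-deployment.yaml pulls `curlimages/curl:latest`, a mutable tag, so the image that runs ahead of the Hasura container can change between deployments with no change in this repository; the same image line appears in the init container of `jobs/load-graphql.yaml`. Pin both to a fixed release, ideally by digest, in the form `image: curlimages/curl:VERSION@sha256:DIGEST` (VERSION and DIGEST are placeholders to be taken from the registry). The `until curl …` loop also has no upper bound, so if `pokeapi` never answers the pod stays in `Init` indefinitely; curl's `--max-time` on the request and a retry counter in the loop would make that failure visible. The Deployment's pod spec starts and ends outside this hunk.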
@@ -33,8 +44,6 @@ spec:
 value: "false"
 - name: HASURA_GRAPHQL_ENABLED_LOG_TYPES
 value: startup, http-log, webhook-log, websocket-log, query-log
- - name: HASURA_GRAPHQL_ADMIN_SECRET
- value: pokemon
 - name: HASURA_GRAPHQL_UNAUTHORIZED_ROLE
 value: anon
 - name: HASURA_GRAPHQL_ENABLE_TELEMETRY
diff --git a/Resources/k8s/kustomize/jobs/load-graphql.yaml b/Resources/k8s/kustomize/jobs/load-graphql.yaml
new file mode 100644
index 00000000..0e9ad56a
--- /dev/null
+++ b/Resources/k8s/kustomize/jobs/load-graphql.yaml
@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: load-graphql
+spec:
+ ttlSecondsAfterFinished: 200
+ template:
+ spec:
+ restartPolicy: Never
+ initContainers:
+ - name: pokeapi-last-built-resource-connection-checker
+ image: curlimages/curl:latest
+ command: ['sh', '-c',
+ 'until curl -f -s --output /dev/null http://pokeapi:80/api/v2/pal-park-area/5/;
+ do echo waiting for pokeapi; sleep 2; done;']
+ containers:
+ - name: load-graphql
+ image: debian:buster
+ env:
+ - name: HASURA_GRAPHQL_ADMIN_SECRET
+ valueFrom:
+ secretKeyRef:
+ name: graphql-env-secret
+ key: HASURA_GRAPHQL_ADMIN_SECRET
+ command: ["sh", "-c"]
+ args:
+ - apt-get update &&
+ apt-get install -y git curl &&
+ curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash &&
+ hasura update-cli --version v2.0.0-alpha.5 &&
+ git clone https://github.com/PokeAPI/pokeapi.git &&
+ cd pokeapi &&
+ git checkout staging &&
+ hasura md apply --endpoint http://graphql:8080 --project graphql --admin-secret $(HASURA_GRAPHQL_ADMIN_SECRET)
diff --git a/Resources/k8s/kustomize/jobs/load-graphql.yml b/Resources/k8s/kustomize/jobs/load-graphql.yml
deleted file mode 100644
index 3cb82cd5..00000000
--- a/Resources/k8s/kustomize/jobs/load-graphql.yml
+++ /dev/null
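Review bot: In the last `args` line of the new `jobs/load-graphql.yaml`, `--admin-secret $(HASURA_GRAPHQL_ADMIN_SECRET)` uses Kubernetes `$(VAR)` expansion, so the secret text is substituted into the `sh -c` script before the shell parses it: it ends up in the shell's command line, and a value containing spaces or shell metacharacters would be read as shell syntax. Let the shell take it from the environment and quote it, `hasura md apply --endpoint http://graphql:8080 --project graphql --admin-secret "$HASURA_GRAPHQL_ADMIN_SECRET"`; the Hasura CLI documents that it also reads this variable directly, in which case the flag can be dropped. The same container, which holds the admin secret, runs `curl -L …/raw/stable/cli/get.sh | bash` and applies metadata from the moving `staging` branch, both unverified and unpinned; pinning each to a release tag or commit and checking a checksum before executing would narrow what can run with that secret. `debian:buster` is likewise a mutable tag.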
@@ -1,18 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
- name: load-graphql
- namespace: pokeapi
-spec:
- ttlSecondsAfterFinished: 200
- template:
- spec:
- containers:
- - name: load-graphql
- image: debian:buster
- env:
- - name: HASURA_GRAPHQL_ADMIN_SECRET
- value: pokemon
- command: ["sh", "-c"]
- args: ["apt-get update && apt-get install -y git curl && curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash && hasura update-cli --version v2.0.0-alpha.5 && git clone https://github.com/PokeAPI/pokeapi.git && cd pokeapi && git checkout staging && hasura md apply --endpoint http://graphql:8080 --project graphql --admin-secret $(HASURA_GRAPHQL_ADMIN_SECRET)"]
- restartPolicy: Never
diff --git a/Resources/k8s/kustomize/kustomization.yaml b/Resources/k8s/kustomize/kustomization.yaml
index 8fed03ee..93828994 100644
--- a/Resources/k8s/kustomize/kustomization.yaml
+++ b/Resources/k8s/kustomize/kustomization.yaml
@@ -10,7 +10,10 @@ configMapGenerator:
 secretGenerator:
 - name: postgres-env-secret
- env: secrets/postgres.env # TODO: change in envs as kustomize release 2.0.4
+ env: secrets/postgres.env
+ type: Opaque
+ - name: graphql-env-secret
+ env: secrets/graphql.env
 type: Opaque
 resources:
@@ -32,3 +35,4 @@ resources:
 - deployments/graphql-deployment.yaml
 - deployments/haproxy-ingress-controller.yaml
 - other/ingress.yaml
+ - jobs/load-graphql.yaml
diff --git a/Resources/k8s/kustomize/secrets/graphql.env.sample b/Resources/k8s/kustomize/secrets/graphql.env.sample
new file mode 100644
index 00000000..e450bdaa
--- /dev/null
+++ b/Resources/k8s/kustomize/secrets/graphql.env.sample
@@ -0,0 +1 @@
+HASURA_GRAPHQL_ADMIN_SECRET=pokeapi-change-me
\ No newline at end of file
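Review bot: The `@@ -10,7 +10,10 @@` hunk of kustomization.yaml deletes the `# TODO: change in envs …` comment but keeps the singular `env:` key, and the new `graphql-env-secret` generator repeats it, so the migration the TODO recorded is now undocumented rather than done. If the kustomize version behind `make kustomize-apply` accepts the list form, write `envs:` with `- secrets/graphql.env` under it (and likewise for postgres); otherwise keep the TODO so the reason for the singular key stays on record. A comment above the generators would also help, for example `# secrets/*.env are git-ignored; copy the matching *.env.sample and replace the value before applying`.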
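Review bot: `pokeapi-change-me` in graphql.env.sample works as a real Hasura admin secret whenever the sample is copied unchanged, which is what the workflow's `cp … graphql.env.sample … graphql.env` step does, and nothing in this commit tells an operator that a non-CI deployment needs a different value. If the env-file parser in use skips `#` lines, a comment in the sample would carry that: `# Sample for local/CI only: set a long random value before deploying; this secret grants Hasura admin access`. The previous literal `pokemon` stays in the repository history, so environments deployed from earlier revisions should get a new secret rather than keep that one.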