feat: add graphql secret/incorporate job in kustomize

.github/workflows/kustomize.yml

@@ -18,13 +18,10 @@ jobs:
         uses: helm/kind-action@v1.1.0
         with:
           version: v0.11.1
-      # - name: Setup tmate session
-      #   uses: mxschmitt/action-tmate@v3
-      #   with:
-      #     limit-access-to-actor: true
       - name: K8s Apply
         run: |
           cp Resources/k8s/kustomize/secrets/postgres.env.sample Resources/k8s/kustomize/secrets/postgres.env
+          cp Resources/k8s/kustomize/secrets/graphql.env.sample Resources/k8s/kustomize/secrets/graphql.env
           make kustomize-apply
           kubectl proxy &
           bash Resources/scripts/wait.sh http://localhost:8001/api/v1/namespaces/pokeapi/services/pokeapi/proxy/api/v2/
@@ -38,7 +35,6 @@ jobs:
           bash Resources/scripts/wait.sh http://localhost:8001/api/v1/namespaces/pokeapi/services/pokeapi/proxy/api/v2/pal-park-area/5/
       - name: K8s Apply
         run: |
-          kubectl apply -f Resources/k8s/kustomize/jobs/load-graphql.yml
           kubectl wait --timeout=120s --for=condition=complete job/load-graphql
           last_command=$(kubectl get job -o jsonpath='{.status.succeeded}' load-graphql)
           test "$last_command" -eq 1

.gitignore

@@ -7,6 +7,6 @@ db.*
 venv*
 node_modules
 .vscode
-.env
+*.env
 Resources/nginx/ssl/*
 !Resources/nginx/ssl/*.sample.*

Resources/k8s/kustomize/deployments/graphql-deployment.yaml

@@ -14,6 +14,12 @@ spec:
       labels:
         component: graphql
     spec:
+      initContainers:
+        - name: pokeapi-connection-checker
+          image: curlimages/curl:latest
+          command: ['sh', '-c',
+            'until curl -f -s --output /dev/null http://pokeapi:80/api/v2/; 
+            do echo waiting for pokeapi; sleep 2; done;']
       containers:
         - name: graphql-engine
           image: hasura/graphql-engine:v2.0.0-alpha.5
@@ -25,6 +31,11 @@ spec:
                 secretKeyRef:
                   name: postgres-env-secret
                   key: POSTGRES_PASSWORD
+            - name: HASURA_GRAPHQL_ADMIN_SECRET
+              valueFrom:
+                secretKeyRef:
+                  name: graphql-env-secret
+                  key: HASURA_GRAPHQL_ADMIN_SECRET
             - name: HASURA_GRAPHQL_DATABASE_URL
               value: postgres://ash:$(POSTGRES_PASSWORD)@postgresql:5432/pokeapi
             - name: HASURA_GRAPHQL_ENABLE_CONSOLE
@@ -33,8 +44,6 @@ spec:
               value: "false"
             - name: HASURA_GRAPHQL_ENABLED_LOG_TYPES
               value: startup, http-log, webhook-log, websocket-log, query-log
-            - name: HASURA_GRAPHQL_ADMIN_SECRET
-              value: pokemon
             - name: HASURA_GRAPHQL_UNAUTHORIZED_ROLE
               value: anon
             - name: HASURA_GRAPHQL_ENABLE_TELEMETRY

Resources/k8s/kustomize/jobs/load-graphql.yaml

@@ -0,0 +1,34 @@
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: load-graphql
+spec:
+  ttlSecondsAfterFinished: 200
+  template:
+    spec:
+      restartPolicy: Never
+      initContainers:
+        - name: pokeapi-last-built-resource-connection-checker
+          image: curlimages/curl:latest
+          command: ['sh', '-c',
+            'until curl -f -s --output /dev/null http://pokeapi:80/api/v2/pal-park-area/5/; 
+            do echo waiting for pokeapi; sleep 2; done;']
+      containers:
+      - name: load-graphql
+        image: debian:buster
+        env:
+        - name: HASURA_GRAPHQL_ADMIN_SECRET
+          valueFrom:
+            secretKeyRef:
+              name: graphql-env-secret
+              key: HASURA_GRAPHQL_ADMIN_SECRET
+        command: ["sh", "-c"]
+        args: 
+          - apt-get update &&
+            apt-get install -y git curl &&
+            curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash &&
+            hasura update-cli --version v2.0.0-alpha.5 &&
+            git clone https://github.com/PokeAPI/pokeapi.git &&
+            cd pokeapi &&
+            git checkout staging &&
+            hasura md apply --endpoint http://graphql:8080 --project graphql --admin-secret $(HASURA_GRAPHQL_ADMIN_SECRET)

Resources/k8s/kustomize/jobs/load-graphql.yml

@@ -1,18 +0,0 @@
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: load-graphql
-  namespace: pokeapi
-spec:
-  ttlSecondsAfterFinished: 200
-  template:
-    spec:
-      containers:
-      - name: load-graphql
-        image: debian:buster
-        env:
-        - name: HASURA_GRAPHQL_ADMIN_SECRET
-          value: pokemon
-        command: ["sh", "-c"]
-        args: ["apt-get update && apt-get install -y git curl && curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash && hasura update-cli --version v2.0.0-alpha.5 && git clone https://github.com/PokeAPI/pokeapi.git && cd pokeapi && git checkout staging && hasura md apply --endpoint http://graphql:8080 --project graphql --admin-secret $(HASURA_GRAPHQL_ADMIN_SECRET)"]
-      restartPolicy: Never

Resources/k8s/kustomize/kustomization.yaml

@@ -10,7 +10,10 @@ configMapGenerator:
 
 secretGenerator:
   - name: postgres-env-secret
-    env: secrets/postgres.env # TODO: change in envs as kustomize release 2.0.4
+    env: secrets/postgres.env
+    type: Opaque
+  - name: graphql-env-secret
+    env: secrets/graphql.env
     type: Opaque
 
 resources:
@@ -32,3 +35,4 @@ resources:
   - deployments/graphql-deployment.yaml
   - deployments/haproxy-ingress-controller.yaml
   - other/ingress.yaml
+  - jobs/load-graphql.yaml

Resources/k8s/kustomize/secrets/graphql.env.sample

@@ -0,0 +1 @@
+HASURA_GRAPHQL_ADMIN_SECRET=pokeapi-change-me