mirror of
https://github.com/PokeAPI/pokeapi
synced 2024-11-25 04:40:21 +00:00
feat: add graphql secret/incorporate job in kustomize
This commit is contained in:
parent
cfe92e9260
commit
80d13fb045
7 changed files with 53 additions and 27 deletions
6
.github/workflows/kustomize.yml
vendored
6
.github/workflows/kustomize.yml
vendored
|
@ -18,13 +18,10 @@ jobs:
|
|||
uses: helm/kind-action@v1.1.0
|
||||
with:
|
||||
version: v0.11.1
|
||||
# - name: Setup tmate session
|
||||
# uses: mxschmitt/action-tmate@v3
|
||||
# with:
|
||||
# limit-access-to-actor: true
|
||||
- name: K8s Apply
|
||||
run: |
|
||||
cp Resources/k8s/kustomize/secrets/postgres.env.sample Resources/k8s/kustomize/secrets/postgres.env
|
||||
cp Resources/k8s/kustomize/secrets/graphql.env.sample Resources/k8s/kustomize/secrets/graphql.env
|
||||
make kustomize-apply
|
||||
kubectl proxy &
|
||||
bash Resources/scripts/wait.sh http://localhost:8001/api/v1/namespaces/pokeapi/services/pokeapi/proxy/api/v2/
|
||||
|
@ -38,7 +35,6 @@ jobs:
|
|||
bash Resources/scripts/wait.sh http://localhost:8001/api/v1/namespaces/pokeapi/services/pokeapi/proxy/api/v2/pal-park-area/5/
|
||||
- name: K8s Apply
|
||||
run: |
|
||||
kubectl apply -f Resources/k8s/kustomize/jobs/load-graphql.yml
|
||||
kubectl wait --timeout=120s --for=condition=complete job/load-graphql
|
||||
last_command=$(kubectl get job -o jsonpath='{.status.succeeded}' load-graphql)
|
||||
test "$last_command" -eq 1
|
2
.gitignore
vendored
2
.gitignore
vendored
|
@ -7,6 +7,6 @@ db.*
|
|||
venv*
|
||||
node_modules
|
||||
.vscode
|
||||
.env
|
||||
*.env
|
||||
Resources/nginx/ssl/*
|
||||
!Resources/nginx/ssl/*.sample.*
|
|
@ -14,6 +14,12 @@ spec:
|
|||
labels:
|
||||
component: graphql
|
||||
spec:
|
||||
initContainers:
|
||||
- name: pokeapi-connection-checker
|
||||
image: curlimages/curl:latest
|
||||
command: ['sh', '-c',
|
||||
'until curl -f -s --output /dev/null http://pokeapi:80/api/v2/;
|
||||
do echo waiting for pokeapi; sleep 2; done;']
|
||||
containers:
|
||||
- name: graphql-engine
|
||||
image: hasura/graphql-engine:v2.0.0-alpha.5
|
||||
|
@ -25,6 +31,11 @@ spec:
|
|||
secretKeyRef:
|
||||
name: postgres-env-secret
|
||||
key: POSTGRES_PASSWORD
|
||||
- name: HASURA_GRAPHQL_ADMIN_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: graphql-env-secret
|
||||
key: HASURA_GRAPHQL_ADMIN_SECRET
|
||||
- name: HASURA_GRAPHQL_DATABASE_URL
|
||||
value: postgres://ash:$(POSTGRES_PASSWORD)@postgresql:5432/pokeapi
|
||||
- name: HASURA_GRAPHQL_ENABLE_CONSOLE
|
||||
|
@ -33,8 +44,6 @@ spec:
|
|||
value: "false"
|
||||
- name: HASURA_GRAPHQL_ENABLED_LOG_TYPES
|
||||
value: startup, http-log, webhook-log, websocket-log, query-log
|
||||
- name: HASURA_GRAPHQL_ADMIN_SECRET
|
||||
value: pokemon
|
||||
- name: HASURA_GRAPHQL_UNAUTHORIZED_ROLE
|
||||
value: anon
|
||||
- name: HASURA_GRAPHQL_ENABLE_TELEMETRY
|
||||
|
|
34
Resources/k8s/kustomize/jobs/load-graphql.yaml
Normal file
34
Resources/k8s/kustomize/jobs/load-graphql.yaml
Normal file
|
@ -0,0 +1,34 @@
|
|||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: load-graphql
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 200
|
||||
template:
|
||||
spec:
|
||||
restartPolicy: Never
|
||||
initContainers:
|
||||
- name: pokeapi-last-built-resource-connection-checker
|
||||
image: curlimages/curl:latest
|
||||
command: ['sh', '-c',
|
||||
'until curl -f -s --output /dev/null http://pokeapi:80/api/v2/pal-park-area/5/;
|
||||
do echo waiting for pokeapi; sleep 2; done;']
|
||||
containers:
|
||||
- name: load-graphql
|
||||
image: debian:buster
|
||||
env:
|
||||
- name: HASURA_GRAPHQL_ADMIN_SECRET
|
||||
valueFrom:
|
||||
secretKeyRef:
|
||||
name: graphql-env-secret
|
||||
key: HASURA_GRAPHQL_ADMIN_SECRET
|
||||
command: ["sh", "-c"]
|
||||
args:
|
||||
- apt-get update &&
|
||||
apt-get install -y git curl &&
|
||||
curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash &&
|
||||
hasura update-cli --version v2.0.0-alpha.5 &&
|
||||
git clone https://github.com/PokeAPI/pokeapi.git &&
|
||||
cd pokeapi &&
|
||||
git checkout staging &&
|
||||
hasura md apply --endpoint http://graphql:8080 --project graphql --admin-secret $(HASURA_GRAPHQL_ADMIN_SECRET)
|
|
@ -1,18 +0,0 @@
|
|||
apiVersion: batch/v1
|
||||
kind: Job
|
||||
metadata:
|
||||
name: load-graphql
|
||||
namespace: pokeapi
|
||||
spec:
|
||||
ttlSecondsAfterFinished: 200
|
||||
template:
|
||||
spec:
|
||||
containers:
|
||||
- name: load-graphql
|
||||
image: debian:buster
|
||||
env:
|
||||
- name: HASURA_GRAPHQL_ADMIN_SECRET
|
||||
value: pokemon
|
||||
command: ["sh", "-c"]
|
||||
args: ["apt-get update && apt-get install -y git curl && curl -L https://github.com/hasura/graphql-engine/raw/stable/cli/get.sh | bash && hasura update-cli --version v2.0.0-alpha.5 && git clone https://github.com/PokeAPI/pokeapi.git && cd pokeapi && git checkout staging && hasura md apply --endpoint http://graphql:8080 --project graphql --admin-secret $(HASURA_GRAPHQL_ADMIN_SECRET)"]
|
||||
restartPolicy: Never
|
|
@ -10,7 +10,10 @@ configMapGenerator:
|
|||
|
||||
secretGenerator:
|
||||
- name: postgres-env-secret
|
||||
env: secrets/postgres.env # TODO: change in envs as kustomize release 2.0.4
|
||||
env: secrets/postgres.env
|
||||
type: Opaque
|
||||
- name: graphql-env-secret
|
||||
env: secrets/graphql.env
|
||||
type: Opaque
|
||||
|
||||
resources:
|
||||
|
@ -32,3 +35,4 @@ resources:
|
|||
- deployments/graphql-deployment.yaml
|
||||
- deployments/haproxy-ingress-controller.yaml
|
||||
- other/ingress.yaml
|
||||
- jobs/load-graphql.yaml
|
||||
|
|
1
Resources/k8s/kustomize/secrets/graphql.env.sample
Normal file
1
Resources/k8s/kustomize/secrets/graphql.env.sample
Normal file
|
@ -0,0 +1 @@
|
|||
HASURA_GRAPHQL_ADMIN_SECRET=pokeapi-change-me
|
Loading…
Reference in a new issue