Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-23 00:49:03 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 106

feat: Job based migrations on pre install and upgrade (#3827)

Browse source
This commit is contained in:
Pratik 2022-02-04 05:12:42 +05:30 committed by GitHub
parent 243306de02
commit 097b595a60
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 141 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
charts/fleet/templates/deployment.yaml
View file

@ -31,15 +31,8 @@ spec:
spec:
containers:
- name: fleet
command:
{{- if .Values.fleet.autoApplySQLMigrations }}
- /bin/sh
- -c
- /usr/bin/fleet prepare db --no-prompt && /usr/bin/fleet serve
{{ else }}
- /usr/bin/fleet
- serve
{{- end }}
command: [/usr/bin/fleet]
args: ["serve"]
image: fleetdm/fleet:{{ .Values.imageTag }}
ports:
- name: fleet

138
charts/fleet/templates/job-migration.yaml Normal file
View file

@ -0,0 +1,138 @@
{{- if .Values.fleet.autoApplySQLMigrations }}
apiVersion: batch/v1
kind: Job
metadata:
labels:
app: fleet
chart: fleet
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
name: fleet-migration
namespace: {{ .Release.Namespace }}
annotations:
"helm.sh/hook": pre-install,pre-upgrade
"helm.sh/hook-weight": "1"
"helm.sh/hook-delete-policy": hook-succeeded
spec:
template:
metadata:
{{- with .Values.podAnnotations }}
annotations:
{{- toYaml . | trim | nindent 8 }}
{{- end }}
labels:
app: fleet
chart: fleet
heritage: {{ .Release.Service }}
release: {{ .Release.Name }}
spec:
restartPolicy: Never
containers:
- name: fleet-migration
command: [/usr/bin/fleet]
args: ["prepare","db","--no-prompt"]
image: fleetdm/fleet:{{ .Values.imageTag }}
resources:
limits:
cpu: {{ .Values.resources.limits.cpu }}
memory: {{ .Values.resources.limits.memory }}
requests:
cpu: {{ .Values.resources.requests.cpu }}
memory: {{ .Values.resources.requests.memory }}
env:
- name: FLEET_SERVER_ADDRESS
value: "0.0.0.0:{{ .Values.fleet.listenPort }}"
- name: FLEET_AUTH_BCRYPT_COST
value: "{{ .Values.fleet.auth.bcryptCost }}"
- name: FLEET_AUTH_SALT_KEY_SIZE
value: "{{ .Values.fleet.auth.saltKeySize }}"
- name: FLEET_APP_TOKEN_KEY_SIZE
value: "{{ .Values.fleet.app.tokenKeySize }}"
- name: FLEET_APP_TOKEN_VALIDITY_PERIOD
value: "{{ .Values.fleet.app.inviteTokenValidityPeriod }}"
- name: FLEET_SESSION_KEY_SIZE
value: "{{ .Values.fleet.session.keySize }}"
- name: FLEET_SESSION_DURATION
value: "{{ .Values.fleet.session.duration }}"
- name: FLEET_LOGGING_DEBUG
value: "{{ .Values.fleet.logging.debug }}"
- name: FLEET_LOGGING_JSON
value: "{{ .Values.fleet.logging.json }}"
- name: FLEET_LOGGING_DISABLE_BANNER
value: "{{ .Values.fleet.logging.disableBanner }}"
- name: FLEET_SERVER_TLS
value: "{{ .Values.fleet.tls.enabled }}"
{{- if .Values.fleet.tls.enabled }}
- name: FLEET_SERVER_TLS_COMPATIBILITY
value: "{{ .Values.fleet.tls.compatibility }}"
- name: FLEET_SERVER_CERT
value: "/secrets/tls/{{ .Values.fleet.tls.certSecretKey }}"
- name: FLEET_SERVER_KEY
value: "/secrets/tls/{{ .Values.fleet.tls.keySecretKey }}"
{{- end }}
## END FLEET SECTION
## BEGIN MYSQL SECTION
- name: FLEET_MYSQL_ADDRESS
value: "{{ .Values.mysql.address }}"
- name: FLEET_MYSQL_DATABASE
value: "{{ .Values.mysql.database }}"
- name: FLEET_MYSQL_USERNAME
value: "{{ .Values.mysql.username }}"
- name: FLEET_MYSQL_PASSWORD
valueFrom:
secretKeyRef:
name: {{ .Values.mysql.secretName }}
key: {{ .Values.mysql.passwordKey }}
- name: FLEET_MYSQL_MAX_OPEN_CONNS
value: "{{ .Values.mysql.maxOpenConns }}"
- name: FLEET_MYSQL_MAX_IDLE_CONNS
value: "{{ .Values.mysql.maxIdleConns }}"
- name: FLEET_MYSQL_CONN_MAX_LIFETIME
value: "{{ .Values.mysql.connMaxLifetime }}"
{{- if .Values.mysql.tls.enabled }}
- name: FLEET_MYSQL_TLS_CA
value: "/secrets/mysql/{{ .Values.mysql.tls.caCertKey }}"
- name: FLEET_MYSQL_TLS_CERT
value: "/secrets/mysql/{{ .Values.mysql.tls.certKey }}"
- name: FLEET_MYSQL_TLS_KEY
value: "/secrets/mysql/{{ .Values.mysql.tls.keyKey }}"
- name: FLEET_MYSQL_TLS_CONFIG
value: "{{ .Values.mysql.tls.config }}"
- name: FLEET_MYSQL_TLS_SERVER_NAME
value: "{{ .Values.mysql.tls.serverName }}"
{{- end }}
## END MYSQL SECTION
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop: [ALL]
privileged: false
readOnlyRootFilesystem: true
runAsGroup: 3333
runAsUser: 3333
runAsNonRoot: true
volumeMounts:
{{- if .Values.mysql.tls.enabled }}
- name: mysql-tls
readOnly: true
mountPath: /secrets/mysql
{{- end }}
volumes:
{{- if .Values.mysql.tls.enabled }}
- name: mysql-tls
secret:
secretName: "{{ .Values.mysql.secretName }}"
{{- end }}
{{- with .Values.nodeSelector }}
nodeSelector:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.affinity }}
affinity:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- with .Values.tolerations }}
tolerations:
{{- toYaml . | nindent 8 }}
{{- end }}
{{- end }}

3
charts/fleet/values.yaml
View file

@ -44,8 +44,7 @@ fleet:
# Name of the Secret resource storing TLS and S3 bucket secrets
secretName: fleet
# Whether or not to run `fleet db prepare` to run SQL migrations before starting Fleet
# WARNING: This may cause database corruption if more than one migration is attempted at a time
autoApplySQLMigrations: false
autoApplySQLMigrations: true
tls:
enabled: true
compatibility: modern