Merge pull request #197 from RS-PYTHON/helm-debug

Improve S3 docs and CI

Author: vprivat-ads

.github/workflows/test-deployment.yml

@@ -65,12 +65,20 @@ jobs:
         run: |
           kubectl label node cluster.local node-role.kubernetes.io/infra=
         shell: bash
+      - name: Deploy minio
+        run: |
+          # Minio for cloudnative pg - https://github.com/minio/minio/tree/master/helm/minio#installing-the-chart-toy-setup
+          helm repo add minio https://charts.min.io/
+          helm repo update minio
+          helm install minio minio/minio --namespace minio --set mode=standalone --set replicas=1 --set persistence.enabled=false --set resources.requests.memory=512Mi --set rootUser=s3_access_key,rootPassword=s3_secret_key --set buckets[0].name=rs-cluster-psql,buckets[1].name=rs-cluster-velero --create-namespace --wait
+        shell: bash
       - name: Generate inventory
         run: |
           cp -rfp inventory/sample inventory/mycluster
           mv inventory/mycluster/.env.template inventory/mycluster/.env
           mv inventory/mycluster/openrc.sh.template inventory/mycluster/openrc.sh
           sed -i 's!<changeme_with_full_path>/miniforge3/envs/rspy!/usr/share/miniconda/envs/rspy!g' inventory/mycluster/hosts.yaml
+          sed -i 's!https://s3.gra.io.cloud.ovh.net!http://minio.minio.svc.cluster.local:9000!' inventory/mycluster/host_vars/setup/main.yaml
           conda run -n rspy --no-capture-output env PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=1 ansible-playbook registry.yaml -i inventory/mycluster/hosts.yaml -e ci_mode=true
           conda run -n rspy --no-capture-output env PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=1 ansible-playbook generate_inventory.yaml -i inventory/mycluster/hosts.yaml
         shell: bash
@@ -80,17 +88,10 @@ jobs:
         shell: bash
       - name: Deploy the apps (for real)
         run: |
-          sed -i 's!debug: false!debug: true!g' roles/app-installer/tasks/install_app.yaml
+          sed -i 's!debug: false!debug: true!g' roles/app-installer/defaults/main.yaml
           sed -i 's!cinder.csi.openstack.org!k8s.io/minikube-hostpath!g' apps/00-storage-class/sc-retain.yaml
           sed -i 's!instances: 3!instances: 1!g' apps/03-cloudnative-pg/cluster.yaml
           sed -i -e 's!https://iam.{{ platform_domain_name }}!http://keycloak-service.iam.svc.cluster.local:8080!g' -e 's!insecure_oidc_skip_issuer_verification="false"!insecure_oidc_skip_issuer_verification="true"!g' apps/oauth2-proxy/values.yaml
 
-          # Minio for cloudnative pg
-          sed -i -e 's!{{ s3.access_key }}!access_key!' -e 's!{{ s3.secret_key }}!secret_key!' apps/03-cloudnative-pg/secrets.yaml
-          sed -i -e 's!{{ postgresql.bucket }}!bucket!' -e 's!{{ s3.endpoint }}!http://minio.minio.svc.cluster.local:9000!' apps/03-cloudnative-pg/objectstore.yaml
-          helm repo add minio https://charts.min.io/
-          helm repo update minio
-          helm install minio minio/minio --namespace minio --set mode=standalone --set persistence.enabled=false --set resources.requests.memory=1Gi --set rootUser=access_key --set rootPassword=secret_key --set buckets[0].name=bucket --create-namespace --wait
-
           conda run -n rspy --no-capture-output env PYTHONUNBUFFERED=1 ANSIBLE_FORCE_COLOR=1 ansible-playbook apps.yaml -i inventory/mycluster/hosts.yaml
         shell: bash

docs/how-to/Credentials.md

@@ -40,7 +40,7 @@ graylog:
 
 ## Reuse credentials
 
-Like in the example values, you can reuse crendentials already set up in the inventory files. This functionnality is used in the sample inventory for the S3 keys and endpoints that are often the same accross applications:
+Like in the example values, you can reuse credentials already set up in the inventory files. This functionality is used in the sample inventory for the S3 keys and endpoints that are often the same accross applications:
 
 ```yaml
 # {{ inventory_dir }}/host_vars/setup/main.yaml
@@ -52,17 +52,17 @@ s3:
 ```
 
 ```yaml
-# {{ inventory_dir }}/host_vars/setup/apps/thanos.yaml
-thanos:
+# apps/velero/values.yaml
+velero:
   s3:
-    bucket: THANOS_BUCKET
-    endpoint: "{{ common.s3.endpoint }}"
-    region: "{{ common.s3.region }}"
-    access_key: "{{ common.s3.access_key }}"
-    secret_key: "{{ common.s3.secret_key }}"
+    bucket: VELERO_BUCKET
+    endpoint: "{{ s3.endpoint }}"
+    region: "{{ s3.region }}"
+    access_key: "{{ s3.access_key }}"
+    secret_key: "{{ s3.secret_key }}"
 ```
 
-## Retrieve indivindual credentials from a HashiCorp Vault
+## Retrieve individual credentials from a HashiCorp Vault
 
 You can retrieve credentials from a *HashiCorp Vault* instance using the *hvac* ansible plugin:
 

inventory/sample/host_vars/setup/main.yaml

@@ -19,5 +19,5 @@ platform_domain_name: rspy.example.com
 s3:
   endpoint: https://s3.gra.io.cloud.ovh.net
   region: gra
-  access_key: AK
-  secret_key: SK
+  access_key: s3_access_key
+  secret_key: s3_secret_key