feat: schema for harbor databases (#1587)

Co-authored-by: Jehoszafat Zimnowoda <jehoszafat.zimnowoda@redkubes.com>
Co-authored-by: jeho <17126497+j-zimnowoda@users.noreply.github.com>

.gitignore

@@ -15,4 +15,5 @@ chart/otomi/README.md
 workflow/
 *.new
 .envrc
-otomi.cpuprofile
+otomi.cpuprofile
+/.idea/

helmfile.d/helmfile-04.databases.yaml

@@ -11,18 +11,20 @@ bases:
 {{- $v := .Values }}
 {{- $a := $v.apps }}
 {{- $h := $a.harbor }}
+{{- $hdb := $v.databases.harbor }}
+{{- $kdb := $v.databases.keycloak }}
 {{- $k := $a.keycloak }}
 
 releases:
   - name: harbor-otomi-db
-    installed: {{ and ($h | get "enabled")  (or (eq $h.database.type "external")  $h.database.importHarborDb) }}
+    installed: {{ ($h | get "enabled") }}
     namespace: harbor
     labels:
       pkg: harbor
     <<: *otomiDb
   - name: keycloak-otomi-db
-    installed: {{ or $v.databases.keycloak.useOtomiDB  $v.databases.keycloak.imported }}
+    installed: true
     namespace: keycloak
     labels:
       pkg: keycloak
-    <<: *otomiDb
+    <<: *otomiDb

helmfile.d/snippets/defaults.yaml

@@ -214,13 +214,6 @@ environments:
             registry:
               credentials:
                 username: otomi-admin
-            database:
-              type: external
-              size: '5Gi'
-              name: harbor-otomi-db
-              user: harbor
-              coreDatabase: registry
-              importHarborDb: false
             resources:
               trivy:
                 requests:
@@ -756,7 +749,6 @@ environments:
                 memory: 512Mi
         databases:
           keycloak:
-            useOtomiDB: true
             imported: false
             size: '5Gi'
             replicas: 2
@@ -767,6 +759,10 @@ environments:
               requests:
                 cpu: 50m
                 memory: 256Mi
+          harbor:
+            size: '5Gi'
+            replicas: 2
+            coreDatabase: registry
         platformBackups:
           database:
             harbor:

tests/fixtures/env/apps/harbor.yaml

@@ -1,9 +1,6 @@
 apps:
     harbor:
         enabled: true
-        database:
-            type: internal
-            importHarborDb: true
         persistence:
             imageChartStorage:
                 gcs:

tests/fixtures/env/apps/secrets.harbor.yaml

@@ -1,7 +1,6 @@
 apps:
     harbor:
         adminPassword: harborsomesecretvalue
-        databasePassword: somesecretvalue
         persistence:
             imageChartStorage:
                 gcs:

tests/fixtures/env/databases/harbor.yaml

@@ -0,0 +1,3 @@
+databases:
+    harbor:
+        replicas: 3

tests/fixtures/env/databases/keycloak.yaml

@@ -1,4 +1,3 @@
 databases:
     keycloak:
-        useOtomiDB: false
         imported: false

values-changes.yaml

@@ -129,3 +129,17 @@ changes:
     deletions:
       - 'apps.loki.storage.gcs.project'
       - 'apps.loki.storage.gcs.instance'
+  - version: 21
+    deletions:
+      - 'apps.harbor.databasePassword'
+      - 'apps.harbor.database.type'
+      - 'apps.harbor.database.importHarborDb'
+      - 'apps.harbor.database.name'
+      - 'apps.harbor.database.user'
+      - 'apps.harbor.database'
+      - 'databases.keycloak.useOtomiDB'
+    additions:
+      - databases.harbor.replicas: 2
+    relocations:
+      - 'apps.harbor.database.size': 'databases.harbor.size'
+      - 'apps.harbor.resources.database': 'databases.harbor.resources'

values-schema.yaml

@@ -2092,10 +2092,6 @@ properties:
           adminPassword:
             type: string
             x-secret: ''
-          databasePassword:
-            type: string
-            description: Once set and deployed it cannot be changed with manual intervention.
-            x-secret: '{{ randAlphaNum 20 }}'
           core:
             properties:
               secret:
@@ -2196,23 +2192,6 @@ properties:
             required:
               - secret
               - credentials
-          database:
-            properties:
-              size:
-                type: string
-              type:
-                type: string
-                description: Internal is a database provided by the community chart. The external is database provided by the cloudnative-pg.
-                enum:
-                  - internal
-                  - external
-              name:
-                type: string
-              user:
-                type: string
-              importHarborDb:
-                description: Indicate if an existing database should be importend. (Once set to true you must not change it back)
-                type: boolean
           image:
             $ref: '#/definitions/imageSimple'
           resources:
@@ -2222,8 +2201,6 @@ properties:
                 $ref: '#/definitions/resources'
               core:
                 $ref: '#/definitions/resources'
-              database:
-                $ref: '#/definitions/resources'
               jobservice:
                 $ref: '#/definitions/resources'
               portal:
@@ -2239,8 +2216,6 @@ properties:
           secretKey:
             type: string
             x-secret: '{{ randAlpha 16 }}'
-        required:
-          - databasePassword
       httpbin:
         description: The famous httpbin application.
         properties:
@@ -4096,9 +4071,6 @@ properties:
       keycloak:
         title: Keycloak
         properties:
-          useOtomiDB:
-            type: boolean
-            default: false
           size:
             type: string
           resources:
@@ -4109,6 +4081,17 @@ properties:
           imported:
             type: boolean
             default: false
+      harbor:
+        title: Harbor
+        properties:
+          size:
+            type: string
+          resources:
+            $ref: '#/definitions/resources'
+          replicas:
+            type: integer
+            default: 2
+
   teamConfig:
     additionalProperties: false
     patternProperties:

values/harbor/harbor-otomi-db.gotmpl

@@ -1,12 +1,13 @@
 {{- $v := .Values }}
-{{- $h := $v.apps.harbor }}
+{{- $hdb := $v.databases.harbor }}
 {{- $cnpg := $v.apps.cnpg }}
 {{- $sp := $cnpg.storage }}
 {{- $b := $v.platformBackups.database.harbor }}
 
-name: {{ $h.database.name }}
+name: harbor-otomi-db
 storage:
-  size: {{ $h.database.size }}
+  size: {{ $hdb.size }}
+instances: {{ $hdb.replicas }}
 
 {{- if $b.enabled }}
 backup:
@@ -30,42 +31,16 @@ backup:
 {{- end }}
 {{- end }}
 
-
-{{- if $h.database.importHarborDb }}
 clusterSpec:
   bootstrap:
     initdb:
-      database: {{ $h.database.coreDatabase }}
-      owner: {{ $h.database.user }}
-      import:
-        type: microservice
-        databases:
-          - {{ $h.database.coreDatabase }}
-        source:
-          externalCluster: harbor-database
-  externalClusters:
-  - name: harbor-database
-    connectionParameters:
-      host: harbor-database.harbor.svc.cluster.local
-      user: postgres
-      dbname: {{ $h.database.coreDatabase }}
-      sslmode: disable
-    password:
-      name: harbor-database
-      key: POSTGRES_PASSWORD
-{{- else }}
-clusterSpec:  
-  bootstrap:
-    initdb:
-      database: {{ $h.database.coreDatabase }}
-      owner: {{ $h.database.user }}
+      database: {{ $hdb.coreDatabase }}
+      owner: harbor
       localeCollate: 'en_US.UTF-8'
       localeCType: 'en_US.UTF-8'
-{{- end }}
-
 
 resources:
-  {{- with $h | get "resources.database" nil }}
+  {{- with $hdb | get "resources" nil }}
   {{- toYaml . | nindent 6 }}
   {{- else }}
   limits:

values/harbor/harbor.gotmpl

@@ -1,5 +1,6 @@
 {{- $v := .Values }}
 {{- $h := $v.apps.harbor }}
+{{- $db := $v.databases.harbor }}
 {{- $hp := $h | get "persistence" dict }}
 {{- $harborDomain := printf "harbor.%s" $v.cluster.domainSuffix }}
 {{- $notaryDomain := printf "notary.%s" $v.cluster.domainSuffix }}
@@ -8,8 +9,6 @@
 {{- $externalUrl := printf "https://%s" $harborDomain }}
 {{- $tag := $h | get "image.tag" "v2.6.4" }}
 {{/*The cloudNativeDb operator is responsible for creating the secret*/}}
-{{- $databaseExistingSecret := printf "%s-app" $h.database.name }}
-{{- $databaseHost := printf "%s-rw.harbor.svc.cluster.local" $h.database.name }}
 
 externalURL: {{ $externalUrl }}
 fullnameOverride: harbor
@@ -64,50 +63,14 @@ core:
   xsrfKey: {{ $h | get "core.xsrfKey" nil }}
 
 database:
-  type: {{ $h.database.type }}
-  {{- if eq $h.database.type "internal" }}
-  internal:
-    priorityClassName: otomi-critical
-    image:
-      tag: {{ $tag }}
-    initContainer:
-      migrator:
-        resources:
-          limits:
-            cpu: 100m
-            memory: 512Mi
-          requests:
-            cpu: 50m
-            memory: 256Mi
-      permissions:
-        resources:
-          limits:
-            cpu: 100m
-            memory: 512Mi
-          requests:
-            cpu: 50m
-            memory: 256Mi
-    resources:
-      {{- with $h | get "resources.database" nil }}
-      {{- toYaml . | nindent 6 }}
-      {{- else }}
-      limits:
-        cpu: 100m
-        memory: 512Mi
-      requests:
-        cpu: 50m
-        memory: 256Mi
-      {{- end }}
-    password: {{ $h.databasePassword }}
-  {{- else }}
+  type: external
   external:
     # erase default password value from the Harbor Helm chart
     password: null
-    coreDatbase: {{ $h.database.coreDatabase }}
-    username: {{ $h.database.user }}
-    host: {{ $databaseHost }}
-    existingSecret: {{ $databaseExistingSecret }}
-  {{- end }}
+    coreDatabase: {{ $db.coreDatabase }}
+    username: harbor
+    host: harbor-otomi-db-rw.harbor.svc.cluster.local
+    existingSecret: harbor-otomi-db-app
   podAnnotations:
     # this exception allows the chmod fix to pass, which needs root access:
     policy.otomi.io/ignore.data-migrator: psp-allowed-users