set ordering dependencies (#38)

add vault-pg sequence permissions increase max_ttl to 10day Co-authored-by: Dmitry Skokov <d.skokov@rbkmoney.com>
2024-11-06 08:55:21 +00:00 · 2020-09-28 15:55:52 +03:00 · 2020-09-28 15:55:52 +03:00 · af484206dc
commit af484206dc
parent 1319c499c6
3 changed files with 49 additions and 7 deletions
--- a/config/vault/init-cm.yaml
+++ b/config/vault/init-cm.yaml
@ -20,9 +20,10 @@ data:
        CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}';
        GRANT CREATE ON DATABASE shumway TO \"{{name}}\";
        GRANT ALL ON schema shm TO \"{{name}}\";
-        GRANT ALL ON ALL TABLES IN SCHEMA shm TO \"{{name}}\";" \
+        GRANT ALL ON ALL TABLES IN SCHEMA shm TO \"{{name}}\";
+        GRANT ALL ON ALL SEQUENCES IN SCHEMA shm TO \"{{name}}\";" \
        default_ttl="1h" \
-        max_ttl="24h"
+        max_ttl="240h"

    vault auth enable kubernetes
    vault write auth/kubernetes/config \
--- a/helmfile-infra.yaml
+++ b/helmfile-infra.yaml
@ -0,0 +1,24 @@
+repositories:
+- name: stable
+  url: https://kubernetes-charts.storage.googleapis.com
+
+
+
+templates:
+  default: &default
+    chart: ./services/{{`{{ .Release.Name }}`}}
+    namespace: default
+    # This prevents helmfile exiting when it encounters a missing file
+    # Valid values are "Error", "Warn", "Info", "Debug". The default is "Error"
+    # Use "Debug" to make missing files errors invisible at the default log level(--log-level=INFO)
+    missingFileHandler: Warn
+    values:
+    - config/{{`{{ .Release.Name }}`}}/values.yaml
+
+releases:
+- name: prometheus
+  <<: *default
+  chart: stable/prometheus-operator
+  namespace: monitoring
+  createNamespace: true
+
--- a/helmfile.yaml
+++ b/helmfile.yaml
@ -21,18 +21,20 @@ templates:
    values:
    - config/{{`{{ .Release.Name }}`}}/values.yaml

+
+helmfiles:
+- # Path to the helmfile state file being processed BEFORE releases in this state file
+  path: helmfile-infra.yaml
+
 releases:
- name: prometheus
-  <<: *default
-  chart: stable/prometheus-operator
-  namespace: monitoring
-  createNamespace: true
 - name: zookeeper
  <<: *default
  chart: incubator/zookeeper
  version: 2.1.3
 - name: kafka
  <<: *default
+  needs:
+  - default/zookeeper
  chart: incubator/kafka
  version: 0.21.2
 - name: consul
@ -43,10 +45,14 @@ releases:
  <<: *default
  chart: bitnami/postgresql
  version: 9.2.0
+  atomic: true
 - name: vault
  <<: *default
  chart: hashicorp/vault
  version: 0.7.0
+  needs:
+  - default/postgres
+  atomic: true
 - name: keycloak
  <<: *default
  chart: codecentric/keycloak
@ -57,8 +63,13 @@ releases:
  set:
  - name: config.user
    file: config/mg-riak/user.yaml
+  atomic: true
 - name: machinegun
  <<: *default
+  needs:
+  - default/consul
+  - default/mg-riak
+  - default/kafka
  set:
  - name: appConfig
    file: config/machinegun/config.yaml
@ -95,11 +106,17 @@ releases:
    file: config/cds/client.pem
 - name: shumway
  <<: *default
+  needs:
+  - default/vault
+  atomic: true
  set:
  - name: entrypoint
    file: config/shumway/entrypoint.sh
 - name: dominant
  <<: *default
+  needs:
+  - default/shumway
+  #installed: false
  set:
  - name: initializationTask.script
    file: config/dominant/init-script.sh