From af484206dc50aada422244923134872916d4f0ad Mon Sep 17 00:00:00 2001 From: vilorij Date: Mon, 28 Sep 2020 15:55:52 +0300 Subject: [PATCH] set ordering dependencies (#38) add vault-pg sequence permissions increase max_ttl to 10day Co-authored-by: Dmitry Skokov --- config/vault/init-cm.yaml | 5 +++-- helmfile-infra.yaml | 24 ++++++++++++++++++++++++ helmfile.yaml | 27 ++++++++++++++++++++++----- 3 files changed, 49 insertions(+), 7 deletions(-) create mode 100644 helmfile-infra.yaml diff --git a/config/vault/init-cm.yaml b/config/vault/init-cm.yaml index 62e0960..e71dd3c 100644 --- a/config/vault/init-cm.yaml +++ b/config/vault/init-cm.yaml @@ -20,9 +20,10 @@ data: CREATE ROLE \"{{name}}\" WITH LOGIN PASSWORD '{{password}}' VALID UNTIL '{{expiration}}'; GRANT CREATE ON DATABASE shumway TO \"{{name}}\"; GRANT ALL ON schema shm TO \"{{name}}\"; - GRANT ALL ON ALL TABLES IN SCHEMA shm TO \"{{name}}\";" \ + GRANT ALL ON ALL TABLES IN SCHEMA shm TO \"{{name}}\"; + GRANT ALL ON ALL SEQUENCES IN SCHEMA shm TO \"{{name}}\";" \ default_ttl="1h" \ - max_ttl="24h" + max_ttl="240h" vault auth enable kubernetes vault write auth/kubernetes/config \ diff --git a/helmfile-infra.yaml b/helmfile-infra.yaml new file mode 100644 index 0000000..ef03403 --- /dev/null +++ b/helmfile-infra.yaml @@ -0,0 +1,24 @@ +repositories: +- name: stable + url: https://kubernetes-charts.storage.googleapis.com + + + +templates: + default: &default + chart: ./services/{{`{{ .Release.Name }}`}} + namespace: default + # This prevents helmfile exiting when it encounters a missing file + # Valid values are "Error", "Warn", "Info", "Debug". The default is "Error" + # Use "Debug" to make missing files errors invisible at the default log level(--log-level=INFO) + missingFileHandler: Warn + values: + - config/{{`{{ .Release.Name }}`}}/values.yaml + +releases: +- name: prometheus + <<: *default + chart: stable/prometheus-operator + namespace: monitoring + createNamespace: true + 
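Review bot: The new `max_ttl="240h"` in config/vault/init-cm.yaml lets a lease on this role be renewed for up to ten days, while the creation statements in the same hunk already give each dynamic user `CREATE` on the database and `ALL` on schema `shm`, so a leaked credential stays usable ten times longer than before. If a long-running client is the reason, I would keep `max_ttl="24h"` and have the client request fresh credentials, or at least put a comment next to the command naming the workload that needs ten days. The added sequence grant can also be narrower: `GRANT USAGE, SELECT ON ALL SEQUENCES IN SCHEMA shm TO \"{{name}}\";` is enough for `nextval`/`currval`, whereas `ALL` additionally permits `setval`. `ON ALL SEQUENCES` covers only sequences that exist when the role is created. The command these arguments belong to starts above the hunk.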
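Review bot: The `prometheus` release in helmfile-infra.yaml has no `version:` key, so each sync installs whatever `stable/prometheus-operator` version the repository index currently serves. That makes deploys non-reproducible and lets an upstream chart change reach the cluster unreviewed. The releases visible in helmfile.yaml pin theirs (`version: 2.1.3`, `version: 0.21.2`), so add `version: <pinned-chart-version>` here as well. Through `<<: *default` the release also inherits `missingFileHandler: Warn` and the `config/{{ .Release.Name }}/values.yaml` values entry, so a missing values file only logs a warning and the operator is installed with chart defaults; a comment should say whether that is intended.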
diff --git a/helmfile.yaml b/helmfile.yaml index 92052b4..3b24ce2 100644 --- a/helmfile.yaml +++ b/helmfile.yaml @@ -21,18 +21,20 @@ templates: values: - config/{{`{{ .Release.Name }}`}}/values.yaml + +helmfiles: +- # Path to the helmfile state file being processed BEFORE releases in this state file + path: helmfile-infra.yaml + releases: -- name: prometheus - <<: *default - chart: stable/prometheus-operator - namespace: monitoring - createNamespace: true - name: zookeeper <<: *default chart: incubator/zookeeper version: 2.1.3 - name: kafka <<: *default + needs: + - default/zookeeper chart: incubator/kafka version: 0.21.2 - name: consul @@ -43,10 +45,14 @@ releases: <<: *default chart: bitnami/postgresql version: 9.2.0 + atomic: true - name: vault <<: *default chart: hashicorp/vault version: 0.7.0 + needs: + - default/postgres + atomic: true - name: keycloak <<: *default chart: codecentric/keycloak @@ -57,8 +63,13 @@ releases: set: - name: config.user file: config/mg-riak/user.yaml + atomic: true - name: machinegun <<: *default + needs: + - default/consul + - default/mg-riak + - default/kafka set: - name: appConfig file: config/machinegun/config.yaml @@ -95,11 +106,17 @@ releases: file: config/cds/client.pem - name: shumway <<: *default + needs: + - default/vault + atomic: true set: - name: entrypoint file: config/shumway/entrypoint.sh - name: dominant <<: *default + needs: + - default/shumway + #installed: false set: - name: initializationTask.script file: config/dominant/init-script.sh
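Review bot: `needs: default/zookeeper` on `kafka` orders only the Helm operations, and `zookeeper` gets neither `wait` nor `atomic` in this hunk. Helm can therefore return as soon as the ZooKeeper manifests are accepted, and `kafka` may be installed while those pods are still not ready. Adding `wait: true` to the `zookeeper` release (or `atomic: true`, as this patch does for `postgres` and `vault`) makes the ordering mean readiness. The same applies to `machinegun` in the third hunk, whose `needs` lists `default/consul` and `default/kafka`: `kafka` gets no `wait`/`atomic`, and the `consul` release body lies partly outside the hunks. The `releases:` list continues beyond this hunk.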
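Review bot: `atomic: true` on the `vault` release makes Helm wait for the pods to become ready, and a Vault server that is not running in dev mode usually reports not-ready until it has been initialised and unsealed. If that is the case here, a first install would wait until the timeout and then be rolled back. Whether it applies depends on config/vault/values.yaml, which this patch does not show, so I would add a comment on the release such as `# atomic is safe here only because Vault comes up unsealed (dev mode / auto-unseal)`, or drop `atomic: true` from `vault`. The release that `needs: default/postgres` refers to is named above the hunk.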
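Review bot: The commented-out `#installed: false` under `dominant` in the last hunk is left-over toggle state with no explanation; either delete the line or turn it into a comment that says when the release is meant to be disabled. In the same hunk `shumway` gets `needs: default/vault` with `atomic: true`. As far as the hunk shows, that waits for the Vault release but not for the init script in config/vault/init-cm.yaml that creates the database role. If shumway fetches its database credentials from Vault at start-up, that gap should be documented in a comment on the release.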