From 8cb13d53d5a375f357b7ed165922621f1a32eb66 Mon Sep 17 00:00:00 2001 From: Julien Bouquillon Date: Mon, 18 Dec 2023 13:55:19 +0100 Subject: [PATCH] fix(ci): restore from cnpg (#1736) * fix: restore from CNPG * fix: reset dbs on dev/preprod deploys * fix * fix * fix * fix * fix * fix * Update values.yaml * Update values.yaml * Update values.yaml --- .DS_Store | Bin 6148 -> 0 bytes ...prod-backups-access-key.sealed-secret.yaml | 17 ++++ .kontinuous/env/dev/values.yaml | 73 +++++++----------- ...prod-backups-access-key.sealed-secret.yaml | 17 ++++ .kontinuous/env/preprod/values.yaml | 69 +++++++---------- 5 files changed, 91 insertions(+), 85 deletions(-) delete mode 100644 .DS_Store create mode 100644 .kontinuous/env/dev/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml create mode 100644 .kontinuous/env/preprod/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 646481edc6526522152592312fda364a6bfab947..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 6148 zcmeHKJB|V|47K@4NHkM!nJaLE2*C-s0Adjp+L8G5Q*kbi#`C9OG};wgY_mK|&PyD> zM0v${EF!wR?iV7Bh|J)Ia9G7Y! z2b}w>V_&R7BEYh?28@`=SrUF#pX9ev0P~e6&u?zH12L^8efD?q> zF!x>pSS$dniCrKfFbyg&sG2Q?1|9K|c{Q;M47#Y_jC1m4%??HVcEpRPi`GDnRDcTf z6&S~|vHHJ;f7Ac>NnB9@D)6rq(8+4ETH;ArTL+J`T3g^-xaHj8W|%t#gO_8Vmt!of f9DjIHiGvE;K6e*9trUIN};p diff --git a/.kontinuous/env/dev/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml b/.kontinuous/env/dev/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml new file mode 100644 index 000000000..dae5c44c6 --- /dev/null +++ b/.kontinuous/env/dev/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml 
@@ -0,0 +1,17 @@ +apiVersion: bitnami.com/v1alpha1 +kind: SealedSecret +metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: 'true' + name: les1000jours-prod-backups-access-key +spec: + encryptedData: + bucket_access_key: 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 + bucket_region: 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 + bucket_secret_key: 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 + template: + metadata: + annotations: + sealedsecrets.bitnami.com/cluster-wide: 'true' + name: les1000jours-prod-backups-access-key + type: Opaque diff --git a/.kontinuous/env/dev/values.yaml b/.kontinuous/env/dev/values.yaml index eaab84a7c..dda91389d 100644 --- a/.kontinuous/env/dev/values.yaml +++ b/.kontinuous/env/dev/values.yaml @@ -1,5 +1,6 @@ + app-strapi: - ~needs: [pg, build-strapi, restore] + ~needs: [pg, build-strapi] ~preDeploy.cleaner: match: kind: Deployment 
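Review bot: The `sealedsecrets.bitnami.com/cluster-wide: 'true'` annotation on the new SealedSecret `les1000jours-prod-backups-access-key` removes the namespace and name binding from the ciphertext, so the sealed production-backup credentials can be unsealed from any namespace of that cluster by whoever may create a SealedSecret there. The identical file is added under `.kontinuous/env/preprod/templates/` (same blob `dae5c44c6`), so the point applies to both. If the target namespaces are known per environment, `sealedsecrets.bitnami.com/namespace-wide: 'true'` would narrow the scope. Whatever scope is kept, the key behind `bucket_access_key` and `bucket_secret_key` should be read-only on the backup bucket, which this diff cannot show. A header comment recording the decision once confirmed, such as `# cluster-wide on purpose (dynamic namespaces); key is read-only on the backup bucket`, would help the next reviewer.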
@@ -19,45 +20,31 @@ app-strapi: name: "pg-app" # - secretRef: # name: azure-les1000jours-volume -# -# todo: a remplacer par une conf de restore CNPG -# -jobs: - runs: - restore: - ~needs: [pg] - use: pg-restore - checkout: false - with: - mountPath: /mnt/restore - restorePath: "${LATEST}" - pgAdminUserSecretRefName: pg-superuser - env: # there is a bug when setting custom job env, so we have to repeat "with" vars here - - name: RESTORE_PATH - value: "${LATEST}" - - name: OWNER - value: "{{ $.Values.global.pgUser }}" - - name: MOUNT_PATH - value: /mnt/restore - - name: FILTER_PATH - value: prod_db - - name: PGPASSWORD - value: "$(password)" - - name: PGUSER - value: "$(username)" - - name: PGHOST - value: "pg-rw" - - name: PGDATABASE - value: "{{ $.Values.global.pgDatabase }}" - volumeMounts: - - name: restore - mountPath: /mnt/restore - readOnly: true - volumes: - - name: restore - csi: - driver: file.csi.azure.com - readOnly: true - volumeAttributes: - secretName: les1000joursprodserver-backup-credentials - shareName: les1000jprodsrv2-backup-restore + +pg: + ~chart: pg + # this force ce PG cluster to be destroyed on redeploys + ~preDeploy.cleaner: + match: + kind: Cluster + value: true + cnpg-cluster: + recovery: + ~tpl~database: "{{ .Values.global.pgDatabase }}" + ~tpl~owner: "{{ .Values.global.pgUser }}" + secretName: "pg-db" + enabled: true + #targetTime: "2023-12-01T09:00:00" + barmanObjectStore: + ~tpl~destinationPath: "s3://les1000jours-prod-backups/les1000jours" + s3Credentials: + accessKeyId: + ~tpl~name: "les1000jours-prod-backups-access-key" + key: bucket_access_key + secretAccessKey: + ~tpl~name: "les1000jours-prod-backups-access-key" + key: bucket_secret_key + region: + ~tpl~name: "les1000jours-prod-backups-access-key" + key: bucket_region + 
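Review bot: The new `pg.cnpg-cluster.recovery` block bootstraps every dev database from the production object store `s3://les1000jours-prod-backups/les1000jours`, and nothing in the hunk shows the data being anonymised or the bucket key being limited to read access; the same block is added for preprod in `.kontinuous/env/preprod/values.yaml`. Production rows therefore land in dev and preprod environments, which widens who can read them, and a writable key in those namespaces would also put the production backups themselves at risk. I would document this above `recovery:` with `# restores PRODUCTION data into this environment; bucket key must be read-only`, and fix the cleaner comment to `# this forces the PG cluster to be destroyed on redeploys`. The `~tpl~` prefix on the constant `destinationPath` and `name` values looks unnecessary, since they contain no template expression.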
diff --git a/.kontinuous/env/preprod/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml b/.kontinuous/env/preprod/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml
new file mode 100644
index 000000000..dae5c44c6
--- /dev/null
+++ b/.kontinuous/env/preprod/templates/les1000jours-prod-backups-access-key.sealed-secret.yaml
@@ -0,0 +1,17 @@
+apiVersion: bitnami.com/v1alpha1
+kind: SealedSecret
+metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: 'true'
+ name: les1000jours-prod-backups-access-key
+spec:
+ encryptedData:
+ bucket_access_key: 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
+ bucket_region: AgAgvbih0BEDkbHdDTZYj6EBZzHXXt2AEBsh4QY2T5oNq7bOcsccEwNDFvpNsc/jVRB/f+8GnS8+FN2cUeV0ddsw85Ioh/h1Ftu6V+a2i/6bQ4v9fAeZARp8bkGG0umtxhY09vsmThC/JBrmamDgiyK05ArvwacYUKKyooPAMJ6kP1PeGKgpx+O0WsYuK/qPDg61f7nGkt8z0iOnaU6NYMzaJjknZ9LWcpV5XSDCLzvPI6mDMB/eke8gMwGLejqdg4iqfCbE2z3ex1tvTob4rMNqdfjqkQSA4VADi5V40Kov+15+QQDFZe/im3N0BWVZiQB5M4BotXPtwz4k3aGXMREHrk9lwenjlsU4Hpp/snXm68VfDRYh1gSUUEFVxLtcFcDdGSCqxP/RXA/TqU2M2+DvRpq18BI2TNQ0O6c9gQVYUTFAAPEv6VIsCVEL7iFjhlC9ETyXOYtrnpKTwq+bJDbvwua7+g/9uM8nnb7VvMdvOpIQcfEPrL1NJdFUWmbE2LynFfmSBF9cKz07tpu945EAP+VOF3Zn3+LfJa9aHJ6qi/7zbguNblZcx8KfoIS0MWLyutnBtJN/2IuFcobPBYWwlDpNpit9KJ7y3Be+3H6obCyimz1lhXfl7dF0WPAluDQGbvoCfsUx9LxicrDnXoGA5pRqNKwLBp0pUE2TIFY47+lS8hCvtj9xFo+4lSxCs3Loe9k=
+ bucket_secret_key: AgDQrJS7bl3CECS8V73hd+m2ZQrjLYa4tAGkW6wF97hl4RJoLB1y6G3ztFv2QOcfSy9b+r/lBaMk8qs+R2RWI0yAp+WEXGcODJyl+qeMrw0wXpeHBV7UlklFRz9h+jsZ8jW1qJPo1ArRv6wYs5ZRttB5ND5FkobgIRkHD4tOkMyXWPI5JoSycTwNPX6+UKSeiOo0CxPbTT50iq5V7ZufxznYQRMu5fo1mP051GoAnbLVIm6T8Ns+KBxZ0F8DXpWj/IV/SBjCea7MfG3xkHa4vAwsAkc4om+5FE1jL6tE47Mm0CJxdd8Unhco4iIPucrznVu0J5cJCv0nlD36mV17WY9j/3EyZTsT79MAlfRLD6okWfJ30kRBQ9Fa2onRybnDkhlY4rL1yFpKLKNozNa3qMoxk53wKidcc7kH1wAIcTLtjdtWwAJD6KHtEDjZTYS6n75Vi6s5SIU5ujb5dEPj2F7Yu6F6uuE8kylPZjky0TUOOPsG/eXS6FDO3tnl8CVP2oCz42iWxWNAOziIp8UP2U+2Z1rdIA8GU9u4mI/FtBszyzA4vZihuyxj/L8XtMjHzI+A24Pqw9kBsNtxUDEUzBDOD+tXXtgZeeO9MaSNHeaq9RldNaXXq8HFamlPBsJpkV6vNWGUCOTShF6xTEqjOblnFdjGrXkLxR2T2KOZ/FKmCCuRluVeMt1NSTRWbKh9UXGsjdB2AWqddub5j1NAn4vFjO0AqSqEL1w6M91ntQGWFg==
+ template:
+ metadata:
+ annotations:
+ sealedsecrets.bitnami.com/cluster-wide: 'true'
+ name: les1000jours-prod-backups-access-key
+ type: Opaque
diff --git a/.kontinuous/env/preprod/values.yaml b/.kontinuous/env/preprod/values.yaml
index 5c081c75b..d4a838db6 100644
--- a/.kontinuous/env/preprod/values.yaml
+++ b/.kontinuous/env/preprod/values.yaml
@@ -1,50 +1,35 @@ app-strapi: host: "backoffice-1000jours-preprod.dev.fabrique.social.gouv.fr" - ~needs: [pg, build-strapi, restore] + ~needs: [pg, build-strapi] addVolumes: - uploads volumeMounts: - mountPath: /app/public/uploads name: uploads -# todo: a remplacer par une conf de restore CNPG -# -jobs: - runs: - restore: - ~needs: [pg] - use: pg-restore - checkout: false - with: - mountPath: /mnt/restore - restorePath: "${LATEST}" - pgAdminUserSecretRefName: pg-superuser - env: # there is a bug when setting custom job env, so we have to repeat "with" vars here - - name: RESTORE_PATH - value: "${LATEST}" - - name: OWNER - value: "{{ $.Values.global.pgUser }}" - - name: MOUNT_PATH - value: /mnt/restore - - name: FILTER_PATH - value: prod_db - - name: PGPASSWORD - value: "$(password)" - - name: PGUSER - value: "$(username)" - - name: PGHOST - value: "pg-rw" - - name: PGDATABASE - value: "{{ $.Values.global.pgDatabase }}" - volumeMounts: - - name: restore - mountPath: /mnt/restore - readOnly: true - volumes: - - name: restore - csi: - driver: file.csi.azure.com - readOnly: true - volumeAttributes: - secretName: les1000joursprodserver-backup-credentials - shareName: les1000jprodsrv2-backup-restore +pg: + ~chart: pg + # this force ce PG cluster to be destroyed on redeploys + ~preDeploy.cleaner: + match: + kind: Cluster + value: true + cnpg-cluster: + recovery: + enabled: true + ~tpl~database: "{{ .Values.global.pgDatabase }}" + ~tpl~owner: "{{ .Values.global.pgUser }}" + secretName: "pg-db" + barmanObjectStore: + ~tpl~destinationPath: "s3://les1000jours-prod-backups/les1000jours" + s3Credentials: + accessKeyId: + ~tpl~name: "les1000jours-prod-backups-access-key" + key: bucket_access_key + secretAccessKey: + ~tpl~name: "les1000jours-prod-backups-access-key" + key: bucket_secret_key + region: + ~tpl~name: "les1000jours-prod-backups-access-key" + key: bucket_region +