DEBUG Database integration

brandt keller requested to merge database-integration into main

Description

A lot of changes in this one. Integrating the database became a black hole of jumping from one problem to the next with regard to hardcoded expectations and proper templating. Note: This meets the criteria for connectivity with internal (to cluster) and external databases, including the initial seeding. There are security improvements to be made with regard to secrets, and generally other optimizations to be had with templating across the package. Given the growing size of this MR, I wanted to cap the logic on the acceptance criteria (outlined below) and write follow-on tickets for improvements. (Secrets strategy already has an issue in the backlog.)

Acceptance Criteria

  • For Dev/CI, deploy the official mysql helm chart using the IB approved image
    • Ensure the init.sql was run on first runtime
    • Ensure keycloak comes up healthy thereafter
  • For production - enable a configuration that would utilize managed database services such as RDS.
    • This should disable the internally deployed mysql and have connectivity externally
    • A job should run on first install only that seeds the external database with the init.sql script

Execution

  • kpt 'get' the upstream chart that matches the IB approved 8.0.28 mysql image
    • The BB mysql package is a year old and unmaintained
  • configure baselines under the parent mysql block
  • Remove the pre-existing mysql sub-chart - migrating the init.sql
  • Init.sql configmap is created at the parent chart layer. This allows abstraction from internal/external seeding
  • Lots of changes and tweaks to existing resources to support proper connectivity/configuration
  • Manual testing to confirm init.sql execution
  • manual testing of services (keycloak) to ensure health post-deployment

External DB connection:

  • Create configmap for seeding, create job that mounts configmap and seeds an external database.
  • ensure the rf-secret can handle configuration of a defined db location (internal or external)

Exceptions

  • mysql allows an existing secret to be used for passwords - this should be accounted for in the package logic to some degree (possibly some lookup logic)
  • Currently the root user must have the ability to be used from a remote location on external databases. We should make this configurable for seeding in #20 (closed)

Closes #7 (closed)

Edited by Lucas Rodriguez
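
One way to express the first-install-only seeding job for an external database described above, added here as an example and not taken from this merge request or the package. The resource names, the image reference, and the Secret holding a `client.cnf` options file are assumptions; the Helm hook annotations and the `--defaults-extra-file` option are standard Helm and MySQL client features.

```yaml
# Added example: names, image and Secret layout are placeholders, not the package's own.
apiVersion: batch/v1
kind: Job
metadata:
  name: external-db-seed                  # hypothetical name
  annotations:
    # post-install runs after the release's resources exist (so the init.sql
    # ConfigMap is present) and only on `helm install`, not on upgrades.
    "helm.sh/hook": post-install
    "helm.sh/hook-delete-policy": before-hook-creation,hook-succeeded
spec:
  backoffLimit: 3                         # retry while the external endpoint becomes reachable
  template:
    spec:
      restartPolicy: Never
      automountServiceAccountToken: false # seeding needs no Kubernetes API access
      containers:
        - name: seed
          image: "REPLACE_WITH_APPROVED_MYSQL_IMAGE"   # placeholder
          command: ["/bin/sh", "-c"]
          args:
            # --defaults-extra-file must be the first option. The file supplies
            # host, user and password, so no credential appears in the pod
            # spec, the process arguments or the environment.
            - mysql --defaults-extra-file=/etc/mysql-client/client.cnf < /seed/init.sql
          securityContext:
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - name: seed-sql
              mountPath: /seed
              readOnly: true
            - name: client-cnf
              mountPath: /etc/mysql-client
              readOnly: true
      volumes:
        - name: seed-sql
          configMap:
            name: init-sql                # hypothetical ConfigMap created by the parent chart
        - name: client-cnf
          secret:
            secretName: external-db-client   # hypothetical Secret with a client.cnf key
```

Because the account and host come from the mounted options file, the seeding user can be changed from root to a dedicated account without touching the Job.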