Table of contents
Database deployments
Prerequisites
-
Create the application’s database users
Add a sql script file to create the users:
- Configuration database : databases\configuration-api\createUsers.sql
- Devices database : databases\devices-api\createUsers.sql
DO $do$ BEGIN IF EXISTS ( SELECT FROM pg_catalog.pg_roles WHERE rolname = 'devicesdb_rw') THEN RAISE NOTICE 'Role "devicesdb_rw" already exists. Skipping.'; ELSE CREATE ROLE devicesdb_rw LOGIN; END IF; END $do$;
-
Grant the application’s database users
Add a sql script file to grant the users:
- Configuration database : databases\configuration-api\grantUsers.sql
- Devices database : databases\devices-api\grantUsers.sql
GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO devicesdb_rw; GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO devicesdb_rw;
Deploy database objects
Execute the following actions in the database deployment steps builds\pipelines\templates\steps\databases-cd-steps.yaml:
-
Download the sql ddl file produced during the continuous integration pipeline
resourcePipelineId
- Resource pipeline id is available in resources.pipeline.[pipeline name].pipelineID
- Parameter must be defined from the continuous deployment pipeline
# Download SQL script produced by the continuous integration pipeline - task: DownloadPipelineArtifact@2 inputs: buildType: 'specific' project: '$(System.TeamProjectId)' definition: '$' specificBuildWithTriggering: true buildVersionToDownload: 'latest' allowPartiallySucceededBuilds: true artifactName: 'SQLScripts' targetPath: '$(Pipeline.Workspace)'
- Copy databases script files to container with sql client
- Create the database users and set their password
- Deploy database objects
- Grant users to database objects
Standard deployment into Kubernetes
Create deployment file
-
Retrieve information on images
az acr login --name aksbootstrap az acr repository list -n aksbootstrap az acr repository show -n aksbootstrap --repository inventoryconfigurationapi az acr repository show-tags -n aksbootstrap --repository inventoryconfigurationapi # Attach using acr-name az aks get-credentials --name aksbootstrap --resource-group rg-aks-bootstrap-networking-spoke az aks update -n aksbootstrap -g rg-aks-bootstrap-networking-spoke --attach-acr aksbootstrap
-
Create the deployment file
-
Deploy on Kubernetes
3.1 Deployment
``` bash # Create namespace inventory $namespace = "inventory" $releaseName = "$namespace-ingress" kubectl create namespace $namespace kubectl apply -f builds/kubernetes/temp/deployment.yml --namespace inventory kubectl get deployments kubectl logs configuration-api-deployment-fd99558-4dn7z -n inventory -c postgres-image ```
3.2 Service Cluster IP
``` bash kubectl apply -f .\builds\kubernetes\temp\service-clusterip.yml --namespace inventory kubectl describe service configuration-api-svc --namespace inventory ```
3.3 AGIC…
``` bash # Create application gateway az network application-gateway create -n ag-aks -l francecentral -g rg-aks-bootstrap-networking-hub --sku Standard_v2 --public-ip-address pi-inventory-gateway --vnet-name vnet-hub --subnet gateway-subnet # enable application gateway into aks cluster (module AGIC) # https://learn.microsoft.com/fr-fr/azure/application-gateway/tutorial-ingress-controller-add-on-existing?toc=https%3A%2F%2Flearn.microsoft.com%2Ffr-fr%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Ffr-fr%2Fazure%2Fbread%2Ftoc.json $appgwId=$(az network application-gateway show -n ag-aks -g rg-aks-bootstrap-networking-hub -o tsv --query "id") az aks enable-addons -n aksbootstrap -g rg-aks-bootstrap-networking-spoke -a ingress-appgw --appgw-id $appgwId az aks update -n aksbootstrap -g rg-aks-bootstrap-networking-spoke --enable-managed-identity ```
Create Helm chart
TODO
Sources
- https://learn.microsoft.com/en-us/azure/aks/devops-pipeline?pivots=pipelines-yaml
- https://learn.microsoft.com/en-us/azure/devops/pipelines/process/resources?view=azure-devops&tabs=example#define-a-pipelines-resource
https://stackoverflow.com/questions/22483555/postgresql-give-all-permissions-to-a-user-on-a-postgresql-database