Skip to main content Link Menu Expand (external link) Document Search Copy Copied
Table of contents
  1. Database deployments
    1. Prerequisites
    2. Deploy database objects
  2. Standard deployment into Kubernetes
    1. Create deployment file
    2. Create Helm chart
  3. Sources

Database deployments

Prerequisites

  1. Create the application’s database users

    Add a sql script file to create the users:

    • Configuration database : databases\configuration-api\createUsers.sql
    • Devices database : databases\devices-api\createUsers.sql
     DO
     $do$
     BEGIN
       IF EXISTS (
           SELECT FROM pg_catalog.pg_roles
           WHERE  rolname = 'devicesdb_rw') THEN
    
           RAISE NOTICE 'Role "devicesdb_rw" already exists. Skipping.';
       ELSE
           CREATE ROLE devicesdb_rw LOGIN;
       END IF;
     END
     $do$;
    
  2. Grant the application’s database users

    Add a sql script file to grant the users:

    • Configuration database : databases\configuration-api\grantUsers.sql
    • Devices database : databases\devices-api\grantUsers.sql
     GRANT SELECT, INSERT, UPDATE, DELETE ON ALL TABLES IN SCHEMA public TO devicesdb_rw;
     GRANT ALL PRIVILEGES ON ALL SEQUENCES IN SCHEMA public TO devicesdb_rw;
    

Deploy database objects

Execute the following actions in the database deployment steps builds\pipelines\templates\steps\databases-cd-steps.yaml:

  1. Download the sql ddl file produced during the continuous integration pipeline

    resourcePipelineId

    • Resource pipeline id is available in resources.pipeline.[pipeline name].pipelineID
    • Parameter must be defined from the continuous deployment pipeline
     # Download SQL script produced by the continuous integration pipeline
     - task: DownloadPipelineArtifact@2
         inputs:
         buildType: 'specific'
         project: '$(System.TeamProjectId)'
         definition: '$'
         specificBuildWithTriggering: true
         buildVersionToDownload: 'latest'
         allowPartiallySucceededBuilds: true
         artifactName: 'SQLScripts'
         targetPath: '$(Pipeline.Workspace)'
    
    
  2. Copy databases script files to container with sql client
  3. Create the database users and set their password
  4. Deploy database objects
  5. Grant users to database objects

Standard deployment into Kubernetes

Create deployment file

  1. Retrieve information on images

     az acr login --name aksbootstrap
     az acr repository list -n aksbootstrap
     az acr repository show -n aksbootstrap --repository inventoryconfigurationapi
     az acr repository show-tags -n aksbootstrap --repository inventoryconfigurationapi
    
     # Attach using acr-name
     az aks get-credentials --name aksbootstrap --resource-group rg-aks-bootstrap-networking-spoke
     az aks update -n aksbootstrap -g rg-aks-bootstrap-networking-spoke --attach-acr aksbootstrap
    
    
  2. Create the deployment file

  3. Deploy on Kubernetes

    3.1 Deployment

     ``` bash
     # Create namespace inventory
     $namespace = "inventory"
     $releaseName = "$namespace-ingress"
     kubectl create namespace $namespace
    
     kubectl apply -f builds/kubernetes/temp/deployment.yml --namespace inventory
     kubectl get deployments
    
     kubectl logs configuration-api-deployment-fd99558-4dn7z -n inventory -c postgres-image
     ```
    

    3.2 Service Cluster IP

     ``` bash
     kubectl apply -f .\builds\kubernetes\temp\service-clusterip.yml --namespace inventory
     kubectl describe service configuration-api-svc --namespace inventory
     ```
    

    3.3 AGIC…

     ``` bash
     # Create application gateway
     az network application-gateway create -n ag-aks -l francecentral -g rg-aks-bootstrap-networking-hub --sku Standard_v2 --public-ip-address pi-inventory-gateway --vnet-name vnet-hub --subnet gateway-subnet
    
     # enable application gateway into aks cluster (module AGIC)
     # https://learn.microsoft.com/fr-fr/azure/application-gateway/tutorial-ingress-controller-add-on-existing?toc=https%3A%2F%2Flearn.microsoft.com%2Ffr-fr%2Fazure%2Faks%2Ftoc.json&bc=https%3A%2F%2Flearn.microsoft.com%2Ffr-fr%2Fazure%2Fbread%2Ftoc.json
     $appgwId=$(az network application-gateway show -n ag-aks -g rg-aks-bootstrap-networking-hub -o tsv --query "id")
     az aks enable-addons -n aksbootstrap -g rg-aks-bootstrap-networking-spoke -a ingress-appgw --appgw-id $appgwId
    
     az aks update -n aksbootstrap -g rg-aks-bootstrap-networking-spoke --enable-managed-identity
     ```
    

Create Helm chart

TODO

Sources

https://stackoverflow.com/questions/22483555/postgresql-give-all-permissions-to-a-user-on-a-postgresql-database