feat: support DDL/DML along with auth

c6aacd16 · David McKay · 257af19e · c6aacd16 · 257af19e · c6aacd16
Commit c6aacd16 authored Jun 30, 2020 by David McKay
6 changed files
--- a/charts/influxdb-enterprise/example-secrets.yaml
+++ b/charts/influxdb-enterprise/example-secrets.yaml
@@ -3,7 +3,7 @@ kind: Secret
 metadata:
  name: license
 stringData:
-  json: FAKE LICENSE KEY
+  json: YOUR JSON KEY
 ---
 apiVersion: v1
 kind: Secret
@@ -19,3 +19,13 @@ metadata:
  name: shared-secret
 stringData:
  secret: MY RANDOM STRING
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: ddl-dml
+data:
+  ddl: |
+    CREATE DATABASE original
+    CREATE RETENTION POLICY oneday ON original DURATION 1d REPLICATION 1
+  dml: ""
--- a/charts/influxdb-enterprise/templates/auth-job.yaml
+++ b/charts/influxdb-enterprise/templates/auth-job.yaml
-{{- if .Values.auth.secretName -}}
-apiVersion: batch/v1
-kind: Job
-metadata:
-  name: {{ include "influxdb-enterprise.fullname" . }}-set-auth
-  labels:
-    {{- include "influxdb-enterprise.labels" . | nindent 4 }}
-  annotations:
-    "helm.sh/hook": post-install
-    "helm.sh/hook-delete-policy": hook-succeeded
-spec:
-  activeDeadlineSeconds: 300
-  backoffLimit: 10
-  template:
-    metadata:
-      labels:
-        {{- include "influxdb-enterprise.selectorLabels" . | nindent 8 }}
-    spec:
-      containers:
-      - name: {{ include "influxdb-enterprise.fullname" . }}-set-auth
-        image: curlimages/curl:7.70.0
-        env:
-        - name: INFLUXDB_USER
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Values.auth.secretName }}
-              key: "username"
-        - name: INFLUXDB_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: {{ .Values.auth.secretName }}
-              key: "password"
-        command:
-          - curl
-        args:
-          - "-X"
-          - "POST"
-          - "http://{{ include "influxdb-enterprise.fullname" . }}-data:8086/query"
-          - "--data-urlencode"
-          - "q=CREATE USER \"${INFLUXDB_USER}\" WITH PASSWORD '${INFLUXDB_PASSWORD}' WITH ALL PRIVILEGES"
-      restartPolicy: OnFailure
-{{- end -}}
--- a/charts/influxdb-enterprise/templates/bootstrap-job.yaml
+++ b/charts/influxdb-enterprise/templates/bootstrap-job.yaml
+{{- if or .Values.bootstrap.auth.secretName (or .Values.bootstrap.ddldml.raw .Values.bootstrap.ddldml.configMap) -}}
+apiVersion: batch/v1
+kind: Job
+metadata:
+  name: {{ include "influxdb-enterprise.fullname" . }}-bootstrap
+  labels:
+    {{- include "influxdb-enterprise.labels" . | nindent 4 }}
+  annotations:
+    "helm.sh/hook": post-install
+    "helm.sh/hook-delete-policy": hook-succeeded
+spec:
+  activeDeadlineSeconds: 300
+  backoffLimit: 10
+  template:
+    metadata:
+      labels:
+        {{- include "influxdb-enterprise.selectorLabels" . | nindent 8 }}
+    spec:
+      {{- if .Values.bootstrap.ddldml.configMap }}
+      volumes:
+      - name: ddldml
+        configMap:
+          name: {{ .Values.bootstrap.ddldml.configMap }}
+      {{ end }}
+      restartPolicy: OnFailure
+      # Consider this a middleware of setup components.
+      # Each is executed in-order until all of theme complete successfully.
+      # This means that each command must be idempotent.
+      initContainers:
+      {{- if .Values.bootstrap.auth.secretName }}
+      - name: auth
+        image: "{{ .Values.data.image.repository | default "influxdb" }}:{{ .Values.data.image.tag | default (printf "%s-%s" .Chart.AppVersion "data") }}"
+        imagePullPolicy: {{ .Values.data.image.pullPolicy }}
+        # Exposing these environment variables makes this command idempotent
+        # as even if the authentication has been setup, we can still execute the command
+        # and it won't error as nothing has changed
+        env:
+        - name: INFLUX_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bootstrap.auth.secretName }}
+              key: "username"
+        - name: INFLUX_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bootstrap.auth.secretName }}
+              key: "password"
+        command:
+          - influx
+        args:
+          - -host
+          - {{ include "influxdb-enterprise.fullname" . }}-data
+          - -execute
+          - CREATE USER $(INFLUX_USERNAME) WITH PASSWORD '$(INFLUX_PASSWORD)' WITH ALL PRIVILEGES
+      {{ end }}
+      {{- if .Values.bootstrap.ddldml.configMap }}
+      - name: ddl
+        image: "{{ .Values.data.image.repository | default "influxdb" }}:{{ .Values.data.image.tag | default (printf "%s-%s" .Chart.AppVersion "data") }}"
+        imagePullPolicy: {{ .Values.data.image.pullPolicy }}
+        {{- if .Values.bootstrap.auth.secretName }}
+        env:
+        - name: INFLUX_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bootstrap.auth.secretName }}
+              key: "username"
+        - name: INFLUX_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bootstrap.auth.secretName }}
+              key: "password"
+        {{ end }}
+        volumeMounts:
+        - name: ddldml
+          mountPath: /ddldml
+        command:
+          - influx
+        args:
+          - -host
+          - {{ include "influxdb-enterprise.fullname" . }}-data
+          - -import
+          - -path
+          - /ddldml/ddl
+      {{ end }}
+      {{- if .Values.bootstrap.ddldml.configMap }}
+      - name: dml
+        image: "{{ .Values.data.image.repository | default "influxdb" }}:{{ .Values.data.image.tag | default (printf "%s-%s" .Chart.AppVersion "data") }}"
+        imagePullPolicy: {{ .Values.data.image.pullPolicy }}
+        {{- if .Values.bootstrap.auth.secretName }}
+        env:
+        - name: INFLUX_USERNAME
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bootstrap.auth.secretName }}
+              key: "username"
+        - name: INFLUX_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: {{ .Values.bootstrap.auth.secretName }}
+              key: "password"
+        {{ end }}
+        volumeMounts:
+        - name: ddldml
+          mountPath: /ddldml
+        command:
+          - influx
+        args:
+          - -host
+          - {{ include "influxdb-enterprise.fullname" . }}-data
+          - -import
+          - -path
+          - /ddldml/dml
+      {{ end }}
+      containers:
+      - name: success
+        image: "{{ .Values.data.image.repository | default "influxdb" }}:{{ .Values.data.image.tag | default (printf "%s-%s" .Chart.AppVersion "data") }}"
+        imagePullPolicy: {{ .Values.data.image.pullPolicy }}
+        command:
+          - echo
+        args:
+          - "Bootstrap Success"
+{{ end }}
--- a/charts/influxdb-enterprise/templates/data-configmap.yaml
+++ b/charts/influxdb-enterprise/templates/data-configmap.yaml
@@ -10,7 +10,7 @@ data:
    bind-address = ":8088"
    reporting-disabled = false

-    {{ if .Values.auth.secretName }}
+    {{ if .Values.bootstrap.auth.secretName }}
    [http]
    auth-enabled = true
    {{ end }}

--- a/charts/influxdb-enterprise/templates/meta-pdb.yaml
+++ b/charts/influxdb-enterprise/templates/meta-pdb.yaml
@@ -9,6 +9,6 @@ metadata:
 spec:
  selector:
    matchLabels:
-      release: {{ .Release.Name }}
+      app.kubernetes.io/managed-by: {{ .Release.Service }}
      influxdb.influxdata.com/component: meta
 {{ toYaml .Values.meta.podDisruptionBudget | indent 2 }}
--- a/charts/influxdb-enterprise/values.yaml
+++ b/charts/influxdb-enterprise/values.yaml
@@ -10,14 +10,36 @@ license:
  # You can put your license key here for testing this chart out,
  # but we STRONGLY recommend using a license file stored in a secret
  # when you ship to production.
-  # key: "your license key"
-  secret:
-    name: license
-    key: json
+  key: ""
+  # secret:
+  #   name: license
+  #   key: json

 # A secret with keys "username" and "password" is required
-auth:
-  secretName: auth
+# This bootstrap configuration allows you to configure
+# some parts of the InfluxDB system at install time.
+#
+# This job ONLY runs once, after the first `helm upgrade --install`
+# or `helm install`
+#
+# This job WILL NOT run on upgrades
+#
+bootstrap:
+  # This section allows you to enable authentication'
+  # of the data nodes, which will create a username
+  # and password for your "admin" account.
+  # A secret should be provided, which will have the keys
+  # "username" and "password" available.
+  auth: {}
+  #   secretName: auth
+  # This section allows you to use DDL and DML to define
+  # databases, retention policies, and inject some data.
+  # When using the configMap setting, the keys "ddl" and "dml"
+  # must exist, even if one of them is empty.
+  # DDL is executed before DML, to enforce databases and retention policies
+  # to exist.
+  ddldml: {}
+  #   configMap: ddl-dml

 meta:
  replicas: 3