Merge pull request #7 from cfpb/connect-rds

Add proper support for connection to RDS PostgreSQL
cfpb · Dec 3, 2024 · 9e93081 · 9e93081
2 parents 6fdf0da + fdea729
commit 9e93081
Show file tree

Hide file tree

Showing 5 changed files with 102 additions and 30 deletions.
diff --git a/.github/workflows/friendly-umbrella-deploy.yml b/.github/workflows/friendly-umbrella-deploy.yml
@@ -8,47 +8,48 @@ jobs:
     steps:
       - name: Checkout Friendly-Umbrella
         uses: actions/checkout@v2
-    
+
       - name: Retrieve Security Scan Secrets
         uses: aws-actions/aws-secretsmanager-get-secrets@v2
         with:
           secret-ids: |
             , ${{ secrets.SECURITY_SCAN_SECRET }}
+            RDS, ${{ secrets.RDS_CREDS_SECRET }}
           parse-json-secrets: true
 
       - name: Build Docker Image
-        run: |      
+        run: |
 
           # Build Friendly-Umbrella Image
           docker build -t ${{ secrets.ECR_REPO }}:$GITHUB_SHA .
 
       - name: Security Scan with Twistlock
-        run: |  
+        run: |
 
           curl -k -u "$TL_USER:$TL_PASSWORD" "$TL_CONSOLE_URL/api/v1/util/twistcli" --output twistcli
           chmod +x twistcli
 
           ./twistcli images scan --details -address "${TL_CONSOLE_URL}" -u  "${TL_USER}" -p "${TL_PASSWORD}" ${{ secrets.ECR_REPO }}:$GITHUB_SHA tee twistcli.log; EXITCODE=$?
 
-      
+
       - name: Push to ECR
         run: |
 
           # Login to ECR
-          aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_USERNAME }} --password-stdin ${{ secrets.ECR_REGISTRY }} 
-          
+          aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_USERNAME }} --password-stdin ${{ secrets.ECR_REGISTRY }}
+
           # Push to ECR
           docker push ${{ secrets.ECR_REPO }}:$GITHUB_SHA
 
       - name: Install K8s/Helm
         run: |
 
-          # Install Helm 
+          # Install Helm
           curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
           chmod 700 get_helm.sh
           ./get_helm.sh
 
-          # Install kubectl 
+          # Install kubectl
           curl -o ./kubectl https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.14/2023-10-17/bin/linux/amd64/kubectl
           curl -o ./kubectl.sha256 https://s3.us-west-2.amazonaws.com/amazon-eks/1.25.14/2023-10-17/bin/linux/amd64/kubectl.sha256
           (diff  <(openssl sha256 kubectl | awk {'print $2'}) <(cat kubectl.sha256 | awk {'print $1'}) &&
@@ -64,12 +65,13 @@ jobs:
 
       - name: Install Helm Chart on EKS
         run: >
-          helm upgrade --install friendly-umbrella ./helm 
+          helm upgrade --install friendly-umbrella ./helm
           -n ${{ secrets.NAMESPACE }} -f ./helm/values.yaml
-          --set image.repository=${{ secrets.ECR_REPO }}
-          --set image.tag=$GITHUB_SHA
+          --set initContainers[0].image.repository=${{ secrets.ECR_REPO }}
+          --set initContainers[0].image.tag=$GITHUB_SHA
+          --set containers[0].image.repository=${{ secrets.ECR_REPO }}
+          --set containers[0].image.tag=$GITHUB_SHA
           --set mapping.host=${{ secrets.HOST }}
           --set serviceAccount.name=${{ secrets.K8S_SERVICE_ACCOUNT }}
           --set config.AWS_STORAGE_BUCKET_NAME=${{ secrets.BUCKET_NAME }}
-          --set serviceAccount.name=${{ secrets.K8S_SERVICE_ACCOUNT }}
-          --set config.AWS_STORAGE_BUCKET_NAME=${{ secrets.BUCKET_NAME }}
+          --set config.DATABASE_URL=$RDS_DATABASE_URL
diff --git a/helm/templates/configmap.yaml b/helm/templates/configmap.yaml
@@ -4,7 +4,7 @@ kind: ConfigMap
 metadata: 
     name: {{ .Release.Name }}-configmap
 data:
-    {{- with .Values.config }}
-    {{- toYaml . | nindent 4 }}
+    {{- range $key, $value := .Values.config }}
+    {{ $key }}: {{ $value | quote }}
     {{- end }}
 {{- end }}
diff --git a/helm/templates/deployment.yaml b/helm/templates/deployment.yaml
@@ -25,21 +25,70 @@ spec:
       securityContext:
         {{- toYaml . | nindent 8 }}
       {{- end }}
-
+      initContainers:
+      {{- range .Values.initContainers }}
+      - name: {{ .name }}
+        image: "{{.image.repository}}:{{ .image.tag}}"
+        imagePullPolicy: {{ .image.pullPolicy }}
+        ports:
+        - name: http
+          containerPort: {{ .port }}
+          protocol: TCP
+        {{- if .command }}
+        command:
+          {{- range .command }}
+          - {{ . | quote }}
+          {{- end }}
+        {{- end }}
+        {{ if .args }}
+        args:
+          {{- range .args }}
+          - "{{ . }}"
+          {{- end }}
+        {{- end }}
+        envFrom:
+          - configMapRef:
+              name: {{ $.Release.Name }}-configmap
+        {{ if .env}}
+        env:
+          {{- range .env }}
+          - name: {{ .name }}
+            value: {{ .value | quote }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
       containers:
-        - name: {{ .Chart.Name }}
-          {{- with .Values.image }}
-          image: "{{ .repository }}:{{ .tag }}"
-          imagePullPolicy: {{ .pullPolicy }}
+      {{- range .Values.containers }}
+      - name: {{ .name }}
+        image: "{{.image.repository}}:{{ .image.tag}}"
+        imagePullPolicy: {{ .image.pullPolicy }}
+        ports:
+        - name: http
+          containerPort: {{ .port }}
+          protocol: TCP
+        {{- if .command }}
+        command:
+          {{- range .command }}
+          - {{ . | quote }}
           {{- end }}
-          envFrom:
-            - configMapRef:
-                name: {{ .Release.Name }}-configmap
-          ports:
-            - name: http
-              containerPort: {{ .Values.service.port }}
-              protocol: TCP
-
+        {{- end }}
+        {{ if .args }}
+        args:
+          {{- range .args }}
+          - "{{ . }}"
+          {{- end }}
+        {{- end }}
+        envFrom:
+          - configMapRef:
+              name: {{ $.Release.Name }}-configmap
+        {{ if .env}}
+        env:
+          {{- range .env }}
+          - name: {{ .name }}
+            value: {{ .value | quote }}
+          {{- end }}
+        {{- end }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

diff --git a/helm/values.yaml b/helm/values.yaml
@@ -1,4 +1,24 @@
 # This sets the container image more information can be found here: https://kubernetes.io/docs/concepts/containers/images/
+
+initContainers:
+  - name: friendly-umbrella-init
+    image:
+      repository: friendly-umbrella
+      pullPolicy: IfNotPresent
+      tag: "latest"
+    port: 8000
+    command: ["sh", "-c"]
+    args:
+    - python manage.py migrate
+
+containers:
+  - name: friendly-umbrella
+    image:
+      repository: friendly-umbrella
+      pullPolicy: IfNotPresent
+      tag: "latest"
+    port: 8000
+
 image:
   repository: friendly-umbrella
   tag: "latest"
@@ -13,10 +33,11 @@ serviceAccount:
 
 config:
   AWS_STORAGE_BUCKET_NAME: bucket_name
+  DATABASE_URL: database_url
 
 mapping:
   enabled: true
   host: "friendly-umbrella.localhost"
   ambassador_id:
     - "--apiVersion-v3alpha1-only--default"
-  prefix: "/"
+  prefix: "/"
diff --git a/pyproject.toml b/pyproject.toml
@@ -10,7 +10,7 @@ dependencies = [
     "django-storages>=1.14.4",
     "django>=4.2,<5",
     "gunicorn>=23.0.0",
-    "psycopg>=3.2.3",
+    "psycopg2-binary>=2.9",
     "whitenoise>=6.7.0",
 ]