Add postgres-stateful

.controlplane/templates/gvc.yml

@@ -9,7 +9,7 @@ spec:
       # Password does not matter because host postgres.APP_GVC.cpln.local can only be accessed
       # locally within CPLN GVC, and postgres running on a CPLN workload is something only for a
       # test app that lacks persistence.
-      value: 'postgres://postgres:password123@postgres.APP_GVC.cpln.local:5432/APP_GVC'
+      value: 'postgres://the_user:the_password@postgres-stateful.APP_GVC.cpln.local:5432/APP_GVC'
     - name: RAILS_ENV
       value: production
     - name: NODE_ENV

.controlplane/templates/postgres-stateful.yml

@@ -0,0 +1,170 @@
+kind: volumeset
+name: postgres-stateful-vs
+description: postgres-stateful-vs
+spec:
+  autoscaling:
+    maxCapacity: 1000
+    minFreePercentage: 1
+    scalingFactor: 1.1
+  fileSystemType: ext4
+  initialCapacity: 10
+  performanceClass: general-purpose-ssd
+  snapshots:
+    createFinalSnapshot: true
+    retentionDuration: 7d
+
+---
+kind: secret
+name: postgres-stateful-credentials
+description: ''
+type: dictionary
+data:
+  password: the_user #Replace this with a real password
+  username: the_password #Replace this with a real username
+
+---
+kind: secret
+name: postgres-stateful-entrypoint-script
+type: opaque
+data:
+  encoding: base64
+  payload: >-
+    IyEvdXNyL2Jpbi9lbnYgYmFzaAoKc291cmNlIC91c3IvbG9jYWwvYmluL2RvY2tlci1lbnRyeXBvaW50LnNoCgppbnN0YWxsX2RlcHMoKSB7CiAgYXB0LWdldCB1cGRhdGUgLXkgPiAvZGV2L251bGwKICBhcHQtZ2V0IGluc3RhbGwgY3VybCAteSA+IC9kZXYvbnVsbAogIGFwdC1nZXQgaW5zdGFsbCB1bnppcCAteSA+IC9kZXYvbnVsbAogIGN1cmwgImh0dHBzOi8vYXdzY2xpLmFtYXpvbmF3cy5jb20vYXdzY2xpLWV4ZS1saW51eC14ODZfNjQuemlwIiAtbyAiYXdzY2xpdjIuemlwIiA+IC9kZXYvbnVsbAogIHVuemlwIGF3c2NsaXYyLnppcCA+IC9kZXYvbnVsbAogIC4vYXdzL2luc3RhbGwgPiAvZGV2L251bGwKfQoKZGJfaGFzX2JlZW5fcmVzdG9yZWQoKSB7CiAgaWYgWyAhIC1mICIkUEdEQVRBL0NQTE5fUkVTVE9SRUQiIF07IHRoZW4KICAgIHJldHVybiAxCiAgZmkKCiAgaWYgISBncmVwIC1xICJcLT4gJDEkIiAiJFBHREFUQS9DUExOX1JFU1RPUkVEIjsgdGhlbgogICAgcmV0dXJuIDEKICBlbHNlCiAgICByZXR1cm4gMAogIGZpCn0KCnJlc3RvcmVfZGIoKSB7Cgl3aGlsZSBbICEgLVMgL3Zhci9ydW4vcG9zdGdyZXNxbC8ucy5QR1NRTC41NDMyIF0KCWRvCiAgICBlY2hvICJXYWl0aW5nIDVzIGZvciBkYiBzb2NrZXQgdG8gYmUgYXZhaWxhYmxlIgogICAgc2xlZXAgNXMKICBkb25lCgoKCWlmICEgZGJfaGFzX2JlZW5fcmVzdG9yZWQgIiQxIjsgdGhlbgoJICBlY2hvICJJdCBhcHBlYXJzIGRiICckMScgaGFzIG5vdCB5ZXQgYmVlbiByZXN0b3JlZCBmcm9tIFMzLiBBdHRlbXB0aW5nIHRvIHJlc3RvcmUgJDEgZnJvbSAkMiIKCSAgaW5zdGFsbF9kZXBzCgkgIGRvY2tlcl9zZXR1cF9kYiAjRW5zdXJlcyAkUE9TVEdSRVNfREIgZXhpc3RzIChkZWZpbmVkIGluIHRoZSBlbnRyeXBvaW50IHNjcmlwdCBmcm9tIHRoZSBwb3N0Z3JlcyBkb2NrZXIgaW1hZ2UpCgkgIGF3cyBzMyBjcCAiJDIiIC0gfCBwZ19yZXN0b3JlIC0tY2xlYW4gLS1uby1hY2wgLS1uby1vd25lciAtZCAiJDEiIC1VICIkUE9TVEdSRVNfVVNFUiIKCSAgZWNobyAiJChkYXRlKTogJDIgLT4gJDEiIHwgY2F0ID4+ICIkUEdEQVRBL0NQTE5fUkVTVE9SRUQiCgllbHNlCgkgIGVjaG8gIkRiICckMScgYWxyZWFkeSBleGlzdHMuIFJlYWR5ISIKICBmaQp9CgpfbWFpbiAiJEAiICYKYmFja2dyb3VuZFByb2Nlc3M9JCEKCmlmIFsgLW4gIiRQT1NUR1JFU19BUkNISVZFX1VSSSIgXTsgdGhlbgogIHJlc3RvcmVfZGIgIiRQT1NUR1JFU19EQiIgIiRQT1NUR1JFU19BUkNISVZFX1VSSSIKZWxzZQogIGVjaG8gIkRlY2xpbmluZyB0byByZXN0b3JlIHRoZSBkYiBiZWNhdXNlIG5vIGFyY2hpdmUgdXJpIHdhcyBwcm92aWRlZCIKZmkKCndhaXQgJGJhY2tncm91bmRQcm9jZXNzCgoK
+
+#Here is the ASCII-encoded version of the script in the secret above
+#!/usr/bin/env bash
+#
+#source /usr/local/bin/docker-entrypoint.sh
+#
+#install_deps() {
+#  apt-get update -y > /dev/null
+#  apt-get install curl -y > /dev/null
+#  apt-get install unzip -y > /dev/null
+#  curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" > /dev/null
+#  unzip awscliv2.zip > /dev/null
+#  ./aws/install > /dev/null
+#}
+#
+#db_has_been_restored() {
+#  if [ ! -f "$PGDATA/CPLN_RESTORED" ]; then
+#    return 1
+#  fi
+#
+#  if ! grep -q "\-> $1$" "$PGDATA/CPLN_RESTORED"; then
+#    return 1
+#  else
+#    return 0
+#  fi
+#}
+#
+#restore_db() {
+#  while [ ! -S /var/run/postgresql/.s.PGSQL.5432 ]
+#  do
+#    echo "Waiting 5s for db socket to be available"
+#    sleep 5s
+#  done
+#
+#
+#  if ! db_has_been_restored "$1"; then
+#    echo "It appears db '$1' has not yet been restored from S3. Attempting to restore $1 from $2"
+#    install_deps
+#    docker_setup_db #Ensures $POSTGRES_DB exists (defined in the entrypoint script from the postgres docker image)
+#    aws s3 cp "$2" - | pg_restore --clean --no-acl --no-owner -d "$1" -U "$POSTGRES_USER"
+#    echo "$(date): $2 -> $1" | cat >> "$PGDATA/CPLN_RESTORED"
+#  else
+#    echo "Db '$1' already exists. Ready!"
+#  fi
+#}
+#
+#_main "$@" &
+#backgroundProcess=$!
+#
+#if [ -n "$POSTGRES_ARCHIVE_URI" ]; then
+#  restore_db "$POSTGRES_DB" "$POSTGRES_ARCHIVE_URI"
+#else
+#  echo "Declining to restore the db because no archive uri was provided"
+#fi
+#
+#wait $backgroundProcess
+
+---
+kind: identity
+name: postgres-stateful-identity
+description: postgres-stateful-identity
+
+---
+kind: policy
+name: postgres-stateful-access
+description: postgres-stateful-access
+bindings:
+  - permissions:
+      - reveal
+      - use
+      - view
+    principalLinks:
+      - //gvc/react-webpack-rails-tutorial/identity/postgres-stateful-identity  #Replace YOUR_GVC_HERE with the name of your gvc
+targetKind: secret
+targetLinks:
+  - //secret/postgres-stateful-credentials
+  - //secret/postgres-stateful-entrypoint-script
+
+---
+kind: workload
+name: postgres-stateful
+description: postgres-stateful
+spec:
+  type: stateful
+  containers:
+    - cpu: 1000m
+      memory: 512Mi
+      env:
+        # - name: POSTGRES_ARCHIVE_URI  #Use this var to control the automatic restore behavior. If you leave it out, the db will start empty.
+        #   value: s3://YOUR_BUCKET/PATH_TO_ARCHIVE_FILE
+        - name: PGDATA #The location postgres stores the db. This can be anything other than /var/lib/postgresql/data, but it must be inside the mount point for the volume set
+          value: "/var/lib/postgresql/data/pg_data"
+        - name: POSTGRES_DB #The name of the initial db
+          value: test
+        - name: POSTGRES_PASSWORD #The password for the default user
+          value: cpln://secret/postgres-stateful-credentials.password
+        - name: POSTGRES_USER #The name of the default user
+          value: cpln://secret/postgres-stateful-credentials.username
+      name: stateful
+      image: postgres:15
+      command: /bin/bash
+      args:
+        - "-c"
+        - "cat /usr/local/bin/cpln-entrypoint.sh >> ./cpln-entrypoint.sh && chmod u+x ./cpln-entrypoint.sh && ./cpln-entrypoint.sh postgres"
+      #command:  "cpln-entrypoint.sh"
+      #args:
+      #  - "postgres"
+      ports:
+        - number: 5432
+          protocol: tcp
+      volumes:
+        - uri: cpln://volumeset/postgres-stateful-vs
+          path: "/var/lib/postgresql/data"
+        - uri: cpln://secret/postgres-stateful-entrypoint-script
+          path: "/usr/local/bin/cpln-entrypoint.sh"
+      inheritEnv: false
+      livenessProbe:
+        tcpSocket:
+          port: 5432
+        failureThreshold: 1
+      readinessProbe:
+        tcpSocket:
+          port: 5432
+        failureThreshold: 1
+  identityLink: //identity/postgres-stateful-identity
+  defaultOptions:
+    capacityAI: false
+    autoscaling:
+      metric: cpu
+      target: 95
+      maxScale: 1
+  firewallConfig:
+    external:
+      inboundAllowCIDR: []
+      outboundAllowCIDR:
+        - 0.0.0.0/0
+    internal:
+      inboundAllowType: same-gvc