CHANGELOG.md

+# [1.1.0](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/compare/v1.0.1...v1.1.0) (2024-07-29)
+
+
+### Features
+
+* **run2:** Update for run_2 including handover of all deployment details. ([f3beff2](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/commit/f3beff25f9ab5a0666c17714bdad4a2ce84a56e6))
+
 ## [1.0.1](https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations/compare/v1.0.0...v1.0.1) (2024-07-15)
 
 

charts/opendesk-migrations/Chart.yaml

@@ -17,5 +17,5 @@ name: "opendesk-migrations"
 sources:
   - "https://gitlab.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations"
 type: "application"
-version: "1.0.1"
+version: "1.1.0"
 ...

charts/opendesk-migrations/README.md

@@ -13,13 +13,13 @@ To install the chart with the release name `my-release`, you have two options:
 ### Install via Repository
 ```console
 helm repo add opendesk-migrations https://gitlab.opencode.de/api/v4/projects/3061/packages/helm/stable
-helm install my-release --version 1.0.1 opendesk-migrations/opendesk-migrations
+helm install my-release --version 1.1.0 opendesk-migrations/opendesk-migrations
 ```
 
 ### Install via OCI Registry
 ```console
 helm repo add opendesk-migrations oci://registry.opencode.de/bmi/opendesk/components/platform-development/charts/opendesk-migrations
-helm install my-release --version 1.0.1 opendesk-migrations/opendesk-migrations
+helm install my-release --version 1.1.0 opendesk-migrations/opendesk-migrations
 ```
 
 ## Requirements
@@ -55,15 +55,12 @@ helm install my-release --version 1.0.1 opendesk-migrations/opendesk-migrations
 | image.tag | string | `"1.0.0@sha256:6d9f222197f12f8359a98fa119f2fbe8a7de27a2120a9331192c97ebf433d2c2"` | Define image tag. |
 | imagePullSecrets | list | `[]` | Credentials to fetch images from private registry. Ref: https://kubernetes.io/docs/tasks/configure-pod-container/pull-image-private-registry/  imagePullSecrets:   - "docker-registry" |
 | lifecycleHooks | object | `{}` | Lifecycle to automate configuration before or after startup. |
-| migrations.credentials.keycloakAdminPassword | string | `nil` | Keycloak Admin Password |
-| migrations.credentials.keycloakAdminUsername | string | `nil` | Keycloak Admin Username |
-| migrations.currentOdRelease | string | `"v0.0.0"` | The openDesk Release the Migrations are deployed with. |
+| migrations.environmentDetails | string | `nil` | The complete environment configuration details |
 | migrations.failOnUnexpectedState | bool | `true` | If the upfront checks of the migration script fail do not just issue a warning but stop the script processing with an exit code >0. |
 | migrations.loglevel | string | `"DEBUG"` | The loglevel the migration should run with. Ref.: https://docs.python.org/3/library/logging.html#logging-levels |
-| migrations.namespace | string | `"default"` | The stage the migrations are executed, supported values: PRE, POST |
+| migrations.namespace | string | `"default"` | Namespace the migrations are executed in. |
 | migrations.runId | int | `1` | The ID of the migration script that should be executed. |
 | migrations.stage | string | `"PRE"` | The stage the migrations are executed, supported values: PRE, POST |
-| migrations.urls.keycloakBase | string | `"https://id.domain.example"` | Keycloak Base URL. Please use internal URLs when possible. |
 | nameOverride | string | `""` | String to partially override release name. |
 | nodeSelector | object | `{}` | Node labels for pod assignment. Ref: https://kubernetes.io/docs/user-guide/node-selection/ |
 | podAnnotations | object | `{}` | Pod Annotations. Ref: https://kubernetes.io/docs/concepts/overview/working-with-objects/annotations/ |

charts/opendesk-migrations/templates/job.yaml

@@ -70,6 +70,9 @@ spec:
           command:
             - "/app/odmigs.py"
           volumeMounts:
+            - name: "environmentdetails-volume"
+              mountPath: "/app/etc/"
+              readOnly: true
             {{- if .Values.extraVolumeMounts }}
             {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumeMounts "context" .) | nindent 12 }}
             {{- end }}
@@ -78,8 +81,6 @@ spec:
             {{ toYaml . | nindent 12 | trim }}
           {{- end }}
           env:
-            - name: "MIGRATIONS_CURRENT_OD_RELEASE"
-              value: "{{ .Values.migrations.currentOdRelease }}"
             - name: "MIGRATIONS_LOGLEVEL"
               value: "{{ .Values.migrations.loglevel }}"
             - name: "MIGRATIONS_STAGE"
@@ -90,16 +91,13 @@ spec:
               value: "{{ .Values.migrations.namespace }}"
             - name: "MIGRATIONS_FAIL_ON_UNEXPECTED_STATE"
               value: "{{ .Values.migrations.failOnUnexpectedState }}"
-            - name: "CREDENTIALS_KEYCLOAK_ADMIN_USERNAME"
-              value: "{{ .Values.migrations.credentials.keycloakAdminUsername }}"
-            - name: "CREDENTIALS_KEYCLOAK_ADMIN_PASSWORD"
-              value: "{{ .Values.migrations.credentials.keycloakAdminPassword }}"
-            - name: "URLS_KEYCLOAK_BASE"
-              value: "{{ .Values.migrations.urls.keycloakBase }}"
           {{- with .Values.extraEnvVars }}
             {{- . | toYaml | nindent 12 }}
           {{- end }}
       volumes:
+        - name: "environmentdetails-volume"
+          secret:
+            secretName: "{{ include "common.names.fullname" . }}-environmentdetails"
         {{- if .Values.extraVolumes }}
         {{- include "common.tplvalues.render" (dict "value" .Values.extraVolumes  "context" .) | nindent 8 }}
         {{- end }}

charts/opendesk-migrations/templates/role.yaml

 {{/*
 SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
 SPDX-License-Identifier: Apache-2.0
+
+An easy way to get resources and their corresponding verbs from https://stackoverflow.com/questions/57661494/list-of-kubernetes-rbac-rule-verbs
+> kubectl proxy --port=8080
+> curl -s http://localhost:8080/api/v1 | jq '.resources[] | [.name, (.verbs | join(" "))] | join(" = ")' -r
 */}}
 {{- if .Values.rbac.create }}
 ---
@@ -11,7 +15,9 @@ metadata:
   labels:
     {{- include "common.labels.standard" . | nindent 4 }}
 rules:
-  # Allow self management of configmap
+  #
+  # All Migrations: Allow self management of configmap
+  #
   - apiGroups: [""]
     resources: ["configmaps"]
     verbs: ["create"]
@@ -19,5 +25,27 @@ rules:
     resources: ["configmaps"]
     resourceNames: ["migrations-status"]
     verbs: ["*"]
+  #
+  # run_2.py
+  #
+  # PVC get (current size of) and (later) delete old ldap-data.
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    resourceNames: ["shared-data-ums-ldap-server-0"]
+    verbs: ["get", "delete"]
+  # Rescaling of LDAP stateful sets before copying the PVC.
+  - apiGroups: ["apps"]
+    resources: ["statefulsets/scale"]
+    resourceNames: ["ums-ldap-notifier", "ums-ldap-server"]
+    verbs: ["get", "update", "patch"]
+  # PVC create [with copy].
+  - apiGroups: [""]
+    resources: ["persistentvolumeclaims"]
+    verbs: ["create"]
+  # Restart of Keycloak.
+  - apiGroups: ["apps"]
+    resources: ["deployments"]
+    resourceNames: ["ums-keycloak"]
+    verbs: ["update", "patch"]
 ...
 {{- end }}

charts/opendesk-migrations/templates/secret.yaml

+{{/*
+SPDX-FileCopyrightText: 2024 Zentrum für Digitale Souveränität der Öffentlichen Verwaltung (ZenDiS) GmbH
+SPDX-License-Identifier: Apache-2.0
+*/}}
+---
+apiVersion: "v1"
+kind: "Secret"
+metadata:
+  name: "{{ include "common.names.fullname" . }}-environmentdetails"
+  namespace: {{ include "common.names.namespace" . | quote }}
+  labels: {{- include "common.labels.standard" . | nindent 4 }}
+    {{- if .Values.additionalLabels }}
+    {{- include "common.tplvalues.render" ( dict "value" .Values.additionalLabels "context" . ) | nindent 4 }}
+    {{- end }}
+  {{- if .Values.additionalAnnotations }}
+  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.additionalAnnotations "context" . ) | nindent 4 }}
+  {{- end }}
+stringData:
+  environmentDetails.yaml: |
+    {{ .Values.migrations.environmentDetails | toYaml | nindent 4 }}
+...

charts/opendesk-migrations/values.yaml

@@ -32,12 +32,12 @@ migrations:
   # -- The stage the migrations are executed, supported values: PRE, POST
   stage: "PRE"
 
-  # -- The openDesk Release the Migrations are deployed with.
-  currentOdRelease: "v0.0.0"
-
-  # -- The stage the migrations are executed, supported values: PRE, POST
+  # -- Namespace the migrations are executed in.
   namespace: "default"
 
+  # -- The complete environment configuration details
+  environmentDetails: ~
+
   # -- The loglevel the migration should run with.
   # Ref.: https://docs.python.org/3/library/logging.html#logging-levels
   loglevel: "DEBUG"
@@ -46,16 +46,6 @@ migrations:
   # script processing with an exit code >0.
   failOnUnexpectedState: true
 
-  credentials:
-    # -- Keycloak Admin Username
-    keycloakAdminUsername:
-    # -- Keycloak Admin Password
-    keycloakAdminPassword:
-
-  urls:
-    # -- Keycloak Base URL. Please use internal URLs when possible.
-    keycloakBase: "https://id.domain.example"
-
 # Security Context.
 # Ref: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
 containerSecurityContext: