[kots]: add database to preflight checks #9759
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| # Copyright (c) 2022 Gitpod GmbH. All rights reserved. | ||
| # Licensed under the GNU Affero General Public License (AGPL). | ||
| # See License-AGPL.txt in the project root for license information. | ||
|
|
||
| packages: | ||
| - name: docker | ||
| type: docker | ||
| argdeps: | ||
| - imageRepoBase | ||
| srcs: | ||
| - entrypoint.sh | ||
| config: | ||
| dockerfile: leeway.Dockerfile | ||
| metadata: | ||
| helm-component: kots-config-check.database | ||
| image: | ||
| - ${imageRepoBase}/kots-config-check/database:${version} | ||
| - ${imageRepoBase}/kots-config-check/database:commit-${__git_commit} |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,87 @@ | ||
| #!/bin/bash | ||
| # Copyright (c) 2022 Gitpod GmbH. All rights reserved. | ||
| # Licensed under the GNU Affero General Public License (AGPL). | ||
| # See License-AGPL.txt in the project root for license information. | ||
|
|
||
|
|
||
| set -euo pipefail | ||
|
|
||
| DB_IN_CLUSTER_ENABLED="${1:-""}" | ||
| DB_CLOUDSQL_ENABLED="${2:-""}" | ||
| DB_USERNAME="${3:-""}" | ||
| DB_PASSWORD="${4:-""}" | ||
| DB_HOST="${5:-""}" | ||
| DB_PORT="${6:-""}" | ||
| CSP_INSTANCES="${7:-""}" | ||
| CSP_CREDENTIALS="${8:-""}" | ||
|
|
||
| connection="false" | ||
| version="" | ||
|
|
||
| DB_TYPE="incluster" | ||
| if [ "${DB_IN_CLUSTER_ENABLED}" == "0" ]; then | ||
| if [ "${DB_CLOUDSQL_ENABLED}" == "1" ]; then | ||
| DB_TYPE="cloudsqlproxy" | ||
| else | ||
| DB_TYPE="external" | ||
| fi | ||
| fi | ||
|
|
||
| case "${DB_TYPE}" in | ||
| cloudsqlproxy | external) | ||
| if [ "${DB_TYPE}" = "cloudsqlproxy" ]; then | ||
| echo "Connecting to CloudSQLProxy" | ||
|
|
||
| CREDENTIALS_FILE="/tmp/credentials.json" | ||
| echo "${CSP_CREDENTIALS}" | base64 -d > "${CREDENTIALS_FILE}" | ||
|
|
||
| # Config overrides | ||
| DB_HOST="0.0.0.0" | ||
| DB_PORT="8080" | ||
|
|
||
| # This is a long-running process | ||
| cloud_sql_proxy \ | ||
| --instances="${CSP_INSTANCES}=tcp:${DB_PORT}" \ | ||
| -credential_file="${CREDENTIALS_FILE}" & | ||
|
|
||
| # Give it a chance to connect | ||
| sleep 5 | ||
| else | ||
| echo "Using external database" | ||
| fi | ||
|
|
||
| # Check the database version | ||
| version_query=$(mysql \ | ||
| --connect-timeout=5 \ | ||
| --database=gitpod \ | ||
| --user="${DB_USERNAME}" \ | ||
| --password="${DB_PASSWORD}" \ | ||
| --host="${DB_HOST}" \ | ||
| --port="${DB_PORT}" \ | ||
| --execute="SELECT VERSION();" \ | ||
| --silent \ | ||
|
There was a problem hiding this comment. Random thought: Do we still get enough log data with the There was a problem hiding this comment. Yes. The Also, there's actually no way of debugging a preflight check so we are limited to just putting the data in a known format so we can perform regex queries on it. |
||
| --raw \ | ||
| --skip-column-names || echo "fail") | ||
|
|
||
| if [ "${version_query}" != "fail" ]; then | ||
| connection="true" | ||
| version="${version_query}" | ||
| fi | ||
| ;; | ||
| incluster) | ||
| echo "Using in-cluster database" | ||
| connection="true" | ||
| version="5.7" | ||
| ;; | ||
| *) | ||
| echo "Unknown database type: '${DB_TYPE}'" | ||
| exit 1 | ||
| ;; | ||
| esac | ||
|
|
||
| if [ "${connection}" = "true" ]; then | ||
| echo "connection: ok" | ||
| else | ||
| echo "connection: error" | ||
| fi | ||
| echo "version: ${version}" | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,8 @@ | ||
| # Copyright (c) 2022 Gitpod GmbH. All rights reserved. | ||
| # Licensed under the GNU Affero General Public License (AGPL). | ||
| # See License-AGPL.txt in the project root for license information. | ||
|
|
||
| FROM bitnami/mysql:5.7 | ||
| COPY --from=gcr.io/cloudsql-docker/gce-proxy /cloud_sql_proxy /usr/local/bin/cloud_sql_proxy | ||
| COPY entrypoint.sh /entrypoint.sh | ||
| ENTRYPOINT [ "/entrypoint.sh" ] |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -7,6 +7,19 @@ metadata: | |
| name: gitpod | ||
| spec: | ||
| collectors: | ||
| - run: | ||
| collectorName: database | ||
| image: eu.gcr.io/gitpod-core-dev/build/kots-config-check/database:sje-kots-config-check.9 | ||
|
There was a problem hiding this comment. I think, in We could get the version with something like this: const kotsConfigCheckDatabaseTag = exec(`docker run --rm eu.gcr.io/gitpod-core-dev/build/versions:${jobConfig.version} cat /versions.yaml | yq r - 'components.kots-config-check.database.version'`, { silent: true })
.stdout.trim();There was a problem hiding this comment. I don't think so. My understanding is that this will only be built by Werft if it detects a change - as this is very unlikely to change, this won't be built on each push. I think this is more akin to our
mrsimonemms marked this conversation as resolved.
Show resolved
Hide resolved
|
||
| name: database | ||
| args: | ||
| - '{{repl ConfigOption "db_incluster" }}' # DB_IN_CLUSTER_ENABLED | ||
| - '{{repl ConfigOption "db_cloudsql_enabled" }}' # DB_CLOUDSQL_ENABLED | ||
| - '{{repl ConfigOption "db_username" }}' # DB_USERNAME | ||
| - '{{repl ConfigOption "db_password" }}' # DB_PASSWORD | ||
| - '{{repl ConfigOption "db_host" }}' # DB_HOST | ||
| - '{{repl ConfigOption "db_port" }}' # DB_PORT | ||
| - '{{repl ConfigOption "db_cloudsql_instance" }}' # CloudSQL instances | ||
| - '{{repl ConfigOption "db_gcp_credentials" }}' # CloudSQL credentials file | ||
| - run: | ||
| collectorName: "kernel" | ||
| image: alpine/semver | ||
|
|
@@ -151,3 +164,23 @@ spec: | |
| message: No default storage class found | ||
| - pass: | ||
| message: Default storage class found | ||
| - textAnalyze: | ||
| checkName: Database connection is valid | ||
| fileName: database/database.log | ||
| regexGroups: 'connection: (?P<Connection>\w+)' | ||
| outcomes: | ||
| - pass: | ||
| when: "Connection == ok" | ||
| message: Database connection is valid | ||
| - fail: | ||
| message: Database connection is invalid. Please check your settings and that the database is accessible from your cluster | ||
| - textAnalyze: | ||
| checkName: Database version is valid | ||
| fileName: database/database.log | ||
| regexGroups: 'version: (?P<Version>\d(\.\d+)?)' | ||
| outcomes: | ||
| - pass: | ||
| when: "Version == 5.7" | ||
| message: Database version is valid | ||
| - warn: | ||
| message: Database version could not be verified. This should be MySQL 5.7 | ||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Small optimization suggestion:
For deploying a preview env, we don't need to build this image. We need this only when we deploy a KOTS release. Building this only when the
publish-to-kotswerft flag is set would help us to not extend the time to wait for a preview env for every dev.Note: We can handle this in a follow up PR and create an issue and merge the PR as is.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, that would be a good optimisation. Is there an example I can use to follow as I didn't know this was possible?