From 083de0c709b8b7bb67d9598dca0d01ad07b5d796 Mon Sep 17 00:00:00 2001 From: Jonathan Sick Date: Tue, 14 Jan 2025 13:01:46 -0500 Subject: [PATCH 1/4] Apply DM-48413 Times Square DB migration on idfdev This enables the update schema job on idfdev for Times Square. See Times Square PR: https://github.com/lsst-sqre/times-square/pull/89 --- applications/times-square/Chart.yaml | 2 +- applications/times-square/values-idfdev.yaml | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/applications/times-square/Chart.yaml b/applications/times-square/Chart.yaml index 8826227db1..b4804a5f3c 100644 --- a/applications/times-square/Chart.yaml +++ b/applications/times-square/Chart.yaml @@ -8,7 +8,7 @@ sources: type: application # The default version tag of the times-square docker image -appVersion: "0.14.0" +appVersion: "tickets-DM-48413" dependencies: - name: redis diff --git a/applications/times-square/values-idfdev.yaml b/applications/times-square/values-idfdev.yaml index 9adb89ef9b..ba217d2e07 100644 --- a/applications/times-square/values-idfdev.yaml +++ b/applications/times-square/values-idfdev.yaml @@ -3,6 +3,7 @@ image: ingress: defaultScope: "exec:admin" config: + updateSchema: true logLevel: "DEBUG" databaseUrl: "postgresql://times-square@localhost/times-square" githubAppId: "196798" From 5e62a462f7a304a68bd010a8c73561b518b5d2ed Mon Sep 17 00:00:00 2001 From: Jonathan Sick Date: Tue, 14 Jan 2025 13:38:33 -0500 Subject: [PATCH 2/4] Use helper variable for serviceAccountName This is to make the schema update job more consistent with the other resources in the times-square chart. This was changed for debugging, but may not be of material difference after all. --- applications/times-square/templates/job-schema-update.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/applications/times-square/templates/job-schema-update.yaml b/applications/times-square/templates/job-schema-update.yaml index 16bfca921c..16b086c729 100644 --- a/applications/times-square/templates/job-schema-update.yaml +++ b/applications/times-square/templates/job-schema-update.yaml @@ -23,7 +23,7 @@ spec: times-square-redis-client: "true" spec: {{- if .Values.cloudsql.enabled }} - serviceAccountName: "times-square" + serviceAccountName: {{ include "times-square.serviceAccountName" . }} {{- else }} automountServiceAccountToken: false {{- end }} From 075e1054ba7dfe53e2c5e1a234cdeef49ad60a35 Mon Sep 17 00:00:00 2001 From: Jonathan Sick Date: Tue, 14 Jan 2025 13:40:41 -0500 Subject: [PATCH 3/4] Use alpine version of sql proxy for schema updates This was part of the Gafaelfawr implementation of the schema-update job, but in the port to times square I missed the additional schemaUpdateTagSuffix variable. By using an alpine-based image the container gets a /bin/sh shell and therefore can run with the while loop lifecycle logic. This resolves a unable to start container process: exec: "/bin/sh": stat /bin/sh: no such file or directory: unknown error. --- applications/times-square/README.md | 1 + applications/times-square/values.yaml | 3 +++ 2 files changed, 4 insertions(+) diff --git a/applications/times-square/README.md b/applications/times-square/README.md index fd6e53da07..529f314f05 100644 --- a/applications/times-square/README.md +++ b/applications/times-square/README.md @@ -19,6 +19,7 @@ An API service for managing and rendering parameterized Jupyter notebooks. | cloudsql.image.pullPolicy | string | `"IfNotPresent"` | Pull policy for Cloud SQL Auth Proxy images | | cloudsql.image.repository | string | `"gcr.io/cloudsql-docker/gce-proxy"` | Cloud SQL Auth Proxy image to use | | cloudsql.image.resources | object | see `values.yaml` | Resource requests and limits for Cloud SQL pod | +| cloudsql.image.schemaUpdateTagSuffix | string | `"-alpine"` | Tag suffix to use for the proxy for schema updates | | cloudsql.image.tag | string | `"1.37.3"` | Cloud SQL Auth Proxy tag to use | | cloudsql.instanceConnectionName | string | `""` | Instance connection name for a Cloud SQL PostgreSQL instance | | cloudsql.serviceAccount | string | `""` | The Google service account that has an IAM binding to the `times-square` Kubernetes service accounts and has the `cloudsql.client` role | diff --git a/applications/times-square/values.yaml b/applications/times-square/values.yaml index 6faa761145..9d9d45fa54 100644 --- a/applications/times-square/values.yaml +++ b/applications/times-square/values.yaml @@ -162,6 +162,9 @@ cloudsql: # -- Cloud SQL Auth Proxy tag to use tag: "1.37.3" + # -- Tag suffix to use for the proxy for schema updates + schemaUpdateTagSuffix: "-alpine" + # -- Pull policy for Cloud SQL Auth Proxy images pullPolicy: "IfNotPresent" From 1c154b5319a33d34320f0f0015fb650473ea6e84 Mon Sep 17 00:00:00 2001 From: Jonathan Sick Date: Tue, 14 Jan 2025 14:01:06 -0500 Subject: [PATCH 4/4] Drop schema update on idfev --- applications/times-square/values-idfdev.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/applications/times-square/values-idfdev.yaml b/applications/times-square/values-idfdev.yaml index ba217d2e07..9adb89ef9b 100644 --- a/applications/times-square/values-idfdev.yaml +++ b/applications/times-square/values-idfdev.yaml @@ -3,7 +3,6 @@ image: ingress: defaultScope: "exec:admin" config: - updateSchema: true logLevel: "DEBUG" databaseUrl: "postgresql://times-square@localhost/times-square" githubAppId: "196798"