fix: change kontinuous config (#607)

Co-authored-by: Adrien Chauve <[email protected]>
SocialGouv · Mar 6, 2024 · 8d48ad3 · 8d48ad3
1 parent 337032e
commit 8d48ad3
Show file tree

Hide file tree

Showing 4 changed files with 61 additions and 53 deletions.
diff --git a/.kontinuous/config.yaml b/.kontinuous/config.yaml
@@ -2,15 +2,4 @@ projectName: enfants-du-spectacle
 dependencies:
   fabrique:
     extends:
-      - name: buildkit-service
       - name: ovh
-        ifEnv: [dev, preprod]
-    dependencies:
-      contrib:
-        preDeploy:
-          importSecrets:
-            options:
-              secrets:
-                enfants-du-spectacle-dev-backups-access-key:
-                enfants-du-spectacle-prod-backups-access-key:
-
diff --git a/.kontinuous/env/preprod/values.yaml b/.kontinuous/env/preprod/values.yaml
@@ -1,9 +1,16 @@
 app:
+  strategyType: Recreate
   addVolumes:
     - docs
+  securityContext:
+    fsGroup: 1000
+
 form:
+  strategyType: Recreate
   addVolumes:
     - docs-form
+  securityContext:
+    fsGroup: 1000
 
 jobs:
   runs:
@@ -18,4 +25,5 @@ jobs:
       with:
         buildArgs:
           NEXT_PUBLIC_SENTRY_ENVIRONMENT: preproduction
-          START_SCRIPT: start
+          START_SCRIPT: start
+
diff --git a/.kontinuous/env/prod/values.yaml b/.kontinuous/env/prod/values.yaml
@@ -1,42 +1,18 @@
 app:
+  replicas: 1
+  strategyType: Recreate
   addVolumes:
     - docs
+  securityContext:
+    fsGroup: 1000
 
 form:
+  replicas: 1
+  strategyType: Recreate
   addVolumes:
     - docs-form
-
-pg-metabase:
-  ~chart: pg
-
-metabase:
-  enabled: true
-  ~needs: [pg-metabase]
-  ingress:
-    enabled: false
-  env:
-    - name: MB_DB_CONNECTION_URI
-      value: "postgres://$(PGHOST):5432/$(PGDATABASE)?user=$(PGUSER)&password=$(PGPASSWORD)&ssl=false&sslfactory=org.postgresql.ssl.NonValidatingFactory"
-  envFrom:
-    - configMapRef:
-        name: metabase-configmap
-    - secretRef:
-        name: pg-metabase-app
-    - secretRef:
-        name: metabase
-
-oauth2-proxy:
-  host: "metabase-eds.fabrique.social.gouv.fr"
-  enabled: true
-  upstream: http://metabase
-  envFrom:
-    - configMapRef:
-        name: oauth2-proxy-configmap
-    - secretRef:
-        name: oauth2-proxy-sealed-secret
-  # additionalArgs:
-  #   - --skip-auth-route
-  #   - ^/public/.*,^/app/dist/.*,^/api/public/.*,^/api/session/.*,^/app/assets/.*
+  securityContext:
+    fsGroup: 1000
 
 jobs:
   runs:
@@ -60,3 +36,47 @@ jobs:
           NEXT_PUBLIC_FORMULAIRE_HJS: 6
           NEXT_PUBLIC_MATOMO_URL: https://matomo.fabrique.social.gouv.fr/
           NEXT_PUBLIC_MATOMO_SITE_FORMULAIRE_ID: 84
+
+pg:
+  backup:
+    name: "202403051831" # backup on a new folder
+  cnpg-cluster:
+    recovery:
+      enabled: true
+      ~tpl~database: "{{ .Values.global.pgDatabase }}"
+      ~tpl~owner: "{{ .Values.global.pgUser }}"
+      secretName: "pg-db"
+      barmanObjectStore:
+        ~tpl~destinationPath: "s3://recosante-prod-backups/recosante"
+        s3Credentials:
+          accessKeyId:
+            ~tpl~name: "recosante-prod-backups-access-key"
+            key: bucket_access_key
+          secretAccessKey:
+            ~tpl~name: "recosante-prod-backups-access-key"
+            key: bucket_secret_key
+          region:
+            ~tpl~name: "recosante-prod-backups-access-key"
+            key: bucket_region
+
+pg-form:
+  backup:
+    name: "202403051831" # backup on a new folder
+  cnpg-cluster:
+    recovery:
+      enabled: true
+      ~tpl~database: "{{ .Values.global.pgDatabase }}"
+      ~tpl~owner: "{{ .Values.global.pgUser }}"
+      secretName: "pg-db"
+      barmanObjectStore:
+        ~tpl~destinationPath: "s3://recosante-prod-backups/recosante"
+        s3Credentials:
+          accessKeyId:
+            ~tpl~name: "recosante-prod-backups-access-key"
+            key: bucket_access_key
+          secretAccessKey:
+            ~tpl~name: "recosante-prod-backups-access-key"
+            key: bucket_secret_key
+          region:
+            ~tpl~name: "recosante-prod-backups-access-key"
+            key: bucket_region
diff --git a/.kontinuous/values.yaml b/.kontinuous/values.yaml
@@ -20,7 +20,6 @@ app:
     - configMapRef:
         name: app-configmap
   probesPath: /api/healthz
-  replicas: 1
   ingress:
     annotations:
       nginx.ingress.kubernetes.io/configuration-snippet: |
@@ -55,7 +54,6 @@ form:
     - configMapRef:
         name: app-configmap
   probesPath: /api/healthz
-  replicas: 1
   ingress:
     annotations:
       nginx.ingress.kubernetes.io/configuration-snippet: |
@@ -64,12 +62,6 @@ form:
         more_set_headers "X-XSS-Protection: 1; mode=block";
         more_set_headers "X-Content-Type-Options: nosniff";
 
-metabase:
-  enabled: false
-
-oauth2-proxy:
-  enabled: false
-
 pg:
   ~chart: pg
 
@@ -100,4 +92,3 @@ jobs:
           sentry_auth_token:
             secretName: app-sealed-secret
             secretKey: SENTRY_AUTH_TOKEN
-