feat: Who prod deploy (#24)

* fix: rename PVC and remove disallowed value * fix: add missing acr access * fix: force owner on file mounts * update groupid * fix: update whitespace * fix: remove permissive filemode
fjelltopp · Aug 13, 2024 · 72c90e2 · 72c90e2
1 parent e68fd6e
commit 72c90e2
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 8 deletions.
diff --git a/roles/ckan/templates/kubernetes/aks/ckan_volumes.yaml b/roles/ckan/templates/kubernetes/aks/ckan_volumes.yaml
@@ -1,12 +1,22 @@
 ---
+apiVersion: storage.k8s.io/v1
+kind: StorageClass
+metadata:  
+  name: azureblob-nfs-premium
+provisioner: file.csi.azure.com
+volumeBindingMode: Immediate
+allowVolumeExpansion: true
+mountOptions:
+  - uid=900
+  - gid=900
+
 apiVersion: v1
 kind: PersistentVolumeClaim
 metadata:
   labels:
     app: ckan
-  name: ckan-resources-blob
+  name: ckan-resources
 spec:
-  persistentVolumeReclaimPolicy: Retain
   accessModes:
   - ReadWriteMany
   storageClassName: azureblob-nfs-premium
@@ -20,9 +30,8 @@ kind: PersistentVolumeClaim
 metadata:
   labels:
     app: ckan
-  name: ckan-webassets-blob
+  name: ckan-webassets
 spec:
-  persistentVolumeReclaimPolicy: Retain
   accessModes:
   - ReadWriteMany
   storageClassName: azureblob-nfs-premium
@@ -36,12 +45,11 @@ kind: PersistentVolumeClaim
 metadata:
   labels:
     app: ckan
-  name: ckan-storage-blob
+  name: ckan-storage
 spec:
-  persistentVolumeReclaimPolicy: Retain
   accessModes:
   - ReadWriteMany
   storageClassName: azureblob-nfs-premium
   resources:
     requests:
-      storage: 1Gi
+      storage: 1Gi
diff --git a/roles/ckan/templates/kubernetes/ckandb_job.yaml b/roles/ckan/templates/kubernetes/ckandb_job.yaml
@@ -26,7 +26,7 @@ spec:
               value: "{{ rds_admin_username }}"
             - name: POSTGRES_PASSWORD
               value: "{{ ckan_postgres_password }}"
- 
+
           name: ckan-db-init
           image: postgres:13
           command: ['bash', '-c']

diff --git a/roles/setup-aks/tasks/main.yml b/roles/setup-aks/tasks/main.yml
@@ -65,6 +65,12 @@
     --name {{resource_prefix}}-aks \
     --resource-group {{ resource_group_name }} \
 
+- name: Allow AKS to access ACR
+  command: >
+    az aks update --attach-acr {{acr_name}} \
+    --name {{resource_prefix}}-aks \
+    --resource-group {{ resource_group_name }}
+    
 # TODO: (Maybe) Remove public control plane network with CLI
 - name: Create a storage account for the data lake
   azure_rm_storageaccount: