From 806ec5926a2ec2bcba3763730bb3c2d4736c9a63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nicolas=20Mass=C3=A9?=
Date: Tue, 13 Jun 2023 13:30:43 +0200
Subject: [PATCH] wip
---
.../files/init-hook/configure-sql-server.sh | 55 ++++++++++++++++
.../sql-server-2019/templates/deployment.yaml | 61 +++++++++++++++++
charts/sql-server-2019/templates/hook.yaml | 65 +++++++++++++++++++
charts/sql-server-2019/templates/rbac.yaml | 30 +++++++++
charts/sql-server-2019/templates/secrets.yaml | 11 ++++
charts/sql-server-2019/templates/service.yaml | 20 ++++++
charts/sql-server-2019/templates/storage.yaml | 10 +++
charts/sql-server-2019/values.yaml | 1 +
8 files changed, 253 insertions(+)
create mode 100755 charts/sql-server-2019/files/init-hook/configure-sql-server.sh
create mode 100644 charts/sql-server-2019/templates/deployment.yaml
create mode 100644 charts/sql-server-2019/templates/hook.yaml
create mode 100644 charts/sql-server-2019/templates/rbac.yaml
create mode 100644 charts/sql-server-2019/templates/secrets.yaml
create mode 100644 charts/sql-server-2019/templates/service.yaml
create mode 100644 charts/sql-server-2019/templates/storage.yaml
diff --git a/charts/sql-server-2019/files/init-hook/configure-sql-server.sh b/charts/sql-server-2019/files/init-hook/configure-sql-server.sh
new file mode 100755
index 0000000..2dca6f0
--- /dev/null
+++ b/charts/sql-server-2019/files/init-hook/configure-sql-server.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+##
+## Development instructions
+##
+#
+# helm template foo .
+# cd files/init-hook
+# oc port-forward service/sql-server 1433:1433
+# export SA_PASSWORD='R3dH4t1!'
+# export SQLSERVER_HOSTNAME="127.0.0.1"
+# export DATABASE_NAME="eShop"
+# export SCHEMA_NAME="eShop"
+# export DATABASE_USERNAME="eShop"
+# export DATABASE_PASSWORD='R3dH4t1!'
+
+set -Eeuo pipefail
+
+export PATH="/opt/mssql-tools/bin:$PATH"
+
+echo "========================================================================"
+echo " Connecting to SQL Server"
+echo "========================================================================"
+echo
+
+while ! sqlcmd -Usa "-P${SA_PASSWORD}" "-S${SQLSERVER_HOSTNAME},1433" -Q"SELECT @@version" &>/dev/null; do
+ echo "SQL Server not ready..."
+ sleep 5
+done
+
+echo OK
+echo
+
+echo "========================================================================"
+echo " Configuring SQL Server"
+echo "========================================================================"
+echo
+
+sqlcmd -Usa "-P${SA_PASSWORD}" "-S${SQLSERVER_HOSTNAME},1433" -Q"
+CREATE DATABASE ${DATABASE_NAME};"
+
+sqlcmd -Usa "-P${SA_PASSWORD}" "-S${SQLSERVER_HOSTNAME},1433" "-d${DATABASE_NAME}" -Q"
+CREATE SCHEMA ${SCHEMA_NAME};
+GO
+CREATE LOGIN ${DATABASE_USERNAME} WITH PASSWORD = '${DATABASE_PASSWORD}', DEFAULT_DATABASE = ${DATABASE_NAME};
+GO
+CREATE USER ${DATABASE_USERNAME} FOR LOGIN ${DATABASE_USERNAME} WITH DEFAULT_SCHEMA=${SCHEMA_NAME};
+GO
+GRANT ALL PRIVILEGES ON SCHEMA::${SCHEMA_NAME} TO ${DATABASE_USERNAME} WITH GRANT OPTION;
+GO
+ALTER ROLE db_owner ADD MEMBER ${DATABASE_USERNAME};
+GO
+"
+
+exit 0
diff --git a/charts/sql-server-2019/templates/deployment.yaml b/charts/sql-server-2019/templates/deployment.yaml
new file mode 100644
index 0000000..ae31157
--- /dev/null
+++ b/charts/sql-server-2019/templates/deployment.yaml
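Review bot: In configure-sql-server.sh every sqlcmd call passes the sa password as an argument (`"-P${SA_PASSWORD}"`), so it is visible in the process list while the command runs; sqlcmd can read it from the environment instead, e.g. `export SQLCMDPASSWORD="${SA_PASSWORD}"` once after `set -Eeuo pipefail` and no `-P` on the calls. The second batch also pastes `${DATABASE_PASSWORD}` and the database, schema and user names straight into the T-SQL text, so a single quote in the password or an unusual character in a name changes the statement that runs; doubling single quotes in the password and bracket-quoting the names (`CREATE DATABASE [${DATABASE_NAME}];`) keeps them as data. None of the calls use `-b`, and as far as I know sqlcmd then exits 0 even when a statement fails, so `set -e` would not stop the script and the Job would report success; worth confirming and adding `-b`. Separately, `ALTER ROLE db_owner ADD MEMBER` makes the preceding schema-level GRANT redundant, so if the application only needs its own schema, dropping the db_owner membership is the narrower choice.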
@@ -0,0 +1,61 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+ name: sql-server
+ labels:
+ app: eshop
+ app.kubernetes.io/component: sql-server
+ app.kubernetes.io/instance: sql-server
+ app.kubernetes.io/name: sql-server
+ app.kubernetes.io/part-of: eshop
+spec:
+ selector:
+ matchLabels:
+ app: sql-server
+ strategy:
+ type: Recreate
+ template:
+ metadata:
+ labels:
+ app: sql-server
+ spec:
+ containers:
+ - name: sql-server
+ image: mcr.microsoft.com/mssql/rhel/server:2019-latest
+ imagePullPolicy: "Always"
+ readinessProbe:
+ tcpSocket:
+ port: 1433
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ livenessProbe:
+ tcpSocket:
+ port: 1433
+ initialDelaySeconds: 5
+ periodSeconds: 10
+ ports:
+ - containerPort: 1433
+ volumeMounts:
+ - mountPath: /var/opt/mssql
+ name: database
+ env:
+ - name: MSSQL_PID
+ value: "Developer"
+ - name: ACCEPT_EULA
+ value: "Y"
+ - name: MSSQL_SA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: sql-server-seed
+ key: sa-password
+ restartPolicy: Always
+ terminationGracePeriodSeconds: 30
+ dnsPolicy: ClusterFirst
+ securityContext: {}
+ schedulerName: default-scheduler
+ serviceAccountName: sql-server
+ serviceAccount: sql-server
+ volumes:
+ - name: database
+ persistentVolumeClaim:
+ claimName: sql-server
diff --git a/charts/sql-server-2019/templates/hook.yaml b/charts/sql-server-2019/templates/hook.yaml
new file mode 100644
index 0000000..9b6d5ac
--- /dev/null
+++ b/charts/sql-server-2019/templates/hook.yaml
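Review bot: The container image in deployment.yaml is referenced by a floating tag (`mcr.microsoft.com/mssql/rhel/server:2019-latest`) with `imagePullPolicy: "Always"`, so every pod restart can pull a different build of the database server without any change to the chart; the Job in hook.yaml has the same issue with `quay.io/redhat_sa_france/sql-server-2019-cli:latest`. Pinning both to a specific tag or, better, a digest (`image: <registry>/<repo>@sha256:<digest>`) makes the deployed content reviewable and reproducible. The pod spec also leaves `securityContext: {}` empty while its service account is granted the anyuid SCC in rbac.yaml, so the effective user is decided entirely by the image; stating the intent in the manifest (for example `runAsNonRoot: true`, if the image supports it) would make that explicit.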
@@ -0,0 +1,65 @@
+apiVersion: v1
+kind: ConfigMap
+metadata:
+ name: sql-server-init-hook
+data:
+{{ (.Files.Glob "files/init-hook/*").AsConfig | indent 2 }}
+---
+apiVersion: batch/v1
+kind: Job
+metadata:
+ name: sql-server-init-hook
+spec:
+ backoffLimit: 30
+ template:
+ spec:
+ containers:
+ - name: hook
+ command:
+ - /entrypoint/configure-sql-server.sh
+ args: []
+ image: quay.io/redhat_sa_france/sql-server-2019-cli:latest
+ imagePullPolicy: IfNotPresent
+ env:
+ - name: SA_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: sql-server-seed
+ key: sa-password
+ - name: SQLSERVER_HOSTNAME
+ value: "sql-server"
+ - name: DATABASE_NAME
+ valueFrom:
+ secretKeyRef:
+ name: sql-server-seed
+ key: database-name
+ - name: SCHEMA_NAME
+ valueFrom:
+ secretKeyRef:
+ name: sql-server-seed
+ key: schema-name
+ - name: DATABASE_USERNAME
+ valueFrom:
+ secretKeyRef:
+ name: sql-server-seed
+ key: database-username
+ - name: DATABASE_PASSWORD
+ valueFrom:
+ secretKeyRef:
+ name: sql-server-seed
+ key: database-password
+ - name: USER
+ value: openshift
+ - name: HOME
+ value: /tmp
+ volumeMounts:
+ - mountPath: /entrypoint
+ name: script
+ readOnly: true
+ restartPolicy: OnFailure
+ terminationGracePeriodSeconds: 30
+ volumes:
+ - name: script
+ configMap:
+ name: sql-server-init-hook
+ defaultMode: 0755
diff --git a/charts/sql-server-2019/templates/rbac.yaml b/charts/sql-server-2019/templates/rbac.yaml
new file mode 100644
index 0000000..3e90572
--- /dev/null
+++ b/charts/sql-server-2019/templates/rbac.yaml
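Review bot: The Job in hook.yaml sets no `activeDeadlineSeconds`, and the script it runs waits for the server in a `while ! sqlcmd … &>/dev/null` loop with no timeout, so a rejected sa password looks the same as "not ready yet" and the pod keeps attempting the sa login every five seconds indefinitely. A deadline on the Job spec (for example `activeDeadlineSeconds: 600`) bounds that and surfaces the failure. `backoffLimit: 30` also re-runs a script whose `CREATE DATABASE` and `CREATE LOGIN` statements are unguarded, so a retry after a partial run would presumably fail on the first statement rather than converge. The container does not appear to need the Kubernetes API, so `automountServiceAccountToken: false` under `template.spec` would keep an API token out of a pod that already holds the sa password. Despite the name, nothing here carries a `helm.sh/hook` annotation, so this renders as an ordinary Job; a comment saying whether that is intended would help.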
@@ -0,0 +1,30 @@
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+ name: sql-server
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: Role
+metadata:
+ name: use-scc-anyuid
+rules:
+- apiGroups:
+ - security.openshift.io
+ resourceNames:
+ - anyuid
+ resources:
+ - securitycontextconstraints
+ verbs:
+ - use
+---
+apiVersion: rbac.authorization.k8s.io/v1
+kind: RoleBinding
+metadata:
+ name: sql-server-uses-scc-anyuid
+roleRef:
+ apiGroup: rbac.authorization.k8s.io
+ kind: Role
+ name: use-scc-anyuid
+subjects:
+- kind: ServiceAccount
+ name: sql-server
diff --git a/charts/sql-server-2019/templates/secrets.yaml b/charts/sql-server-2019/templates/secrets.yaml
new file mode 100644
index 0000000..4d99f1e
--- /dev/null
+++ b/charts/sql-server-2019/templates/secrets.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Secret
+metadata:
+ name: sql-server-seed
+stringData:
+ # BEWARE! Password complexity rules are enforced by SQL Server!
+ sa-password: {{ .Values.saPassword | quote }}
+ database-name: {{ .Values.database.name | quote }}
+ schema-name: {{ .Values.database.schema | quote }}
+ database-username: {{ .Values.database.owner.username | quote }}
+ database-password: {{ .Values.database.owner.password | quote }}
diff --git a/charts/sql-server-2019/templates/service.yaml b/charts/sql-server-2019/templates/service.yaml
new file mode 100644
index 0000000..96279a9
--- /dev/null
+++ b/charts/sql-server-2019/templates/service.yaml
@@ -0,0 +1,20 @@
+kind: Service
+apiVersion: v1
+metadata:
+ name: sql-server
+ labels:
+ app: eshop
+ app.kubernetes.io/component: sql-server
+ app.kubernetes.io/instance: sql-server
+ app.kubernetes.io/name: sql-server
+ app.kubernetes.io/part-of: eshop
+spec:
+ ports:
+ - name: sql
+ protocol: TCP
+ port: 1433
+ targetPort: 1433
+ type: ClusterIP
+ sessionAffinity: None
+ selector:
+ app: sql-server
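Review bot: rbac.yaml lets the `sql-server` service account use the `anyuid` SCC, which permits its pods to run as any UID including 0, while the Deployment leaves `securityContext: {}` so the effective user is whatever the image declares. If the image runs as a fixed non-root UID (not visible in this patch, so to be confirmed), the `nonroot` SCC would be sufficient and is the narrower grant: `resourceNames:` with `- nonroot` instead of `- anyuid`. Either way, a short comment on the Role explaining why the default restricted SCC is not enough would help the next reviewer.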
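Review bot: secrets.yaml renders `sa-password` from `.Values.saPassword` without checking that the installer supplied one, and values.yaml ships a default for it (`saPassword: "R3dH4t1!"`, the same literal that appears in the development comments of configure-sql-server.sh), so an install with default values ends up with a publicly known sa password. Removing the default and failing the render when the value is missing closes that: `sa-password: {{ required "saPassword must be set" .Values.saPassword | quote }}`, and the same for `.Values.database.owner.password`. The comment added in values.yaml about complexity rules could then also say that the value has no default and must be provided at install time.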
diff --git a/charts/sql-server-2019/templates/storage.yaml b/charts/sql-server-2019/templates/storage.yaml
new file mode 100644
index 0000000..a2fe19c
--- /dev/null
+++ b/charts/sql-server-2019/templates/storage.yaml
@@ -0,0 +1,10 @@
+kind: PersistentVolumeClaim
+apiVersion: v1
+metadata:
+ name: sql-server
+spec:
+ accessModes:
+ - ReadWriteOnce
+ resources:
+ requests:
+ storage: 8Gi
diff --git a/charts/sql-server-2019/values.yaml b/charts/sql-server-2019/values.yaml
index 9f2f9cd..b03edd1 100644
--- a/charts/sql-server-2019/values.yaml
+++ b/charts/sql-server-2019/values.yaml
@@ -1,3 +1,4 @@
+# BEWARE! Password complexity rules are enforced by SQL Server!
 saPassword: "R3dH4t1!"
 database:
 name: "eShop"