8 changed files with 253 additions and 0 deletions
@ -0,0 +1,55 @@ |
|||||
|
#!/bin/bash |
||||
|
|
||||
|
## |
||||
|
## Development instructions |
||||
|
## |
||||
|
# |
||||
|
# helm template foo . |
||||
|
# cd files/init-hook |
||||
|
# oc port-forward service/sql-server 1433:1433 |
||||
|
# export SA_PASSWORD='R3dH4t1!' |
||||
|
# export SQLSERVER_HOSTNAME="127.0.0.1" |
||||
|
# export DATABASE_NAME="eShop" |
||||
|
# export SCHEMA_NAME="eShop" |
||||
|
# export DATABASE_USERNAME="eShop" |
||||
|
# export DATABASE_PASSWORD='R3dH4t1!' |
||||
|
|
||||
|
set -Eeuo pipefail |
||||
|
|
||||
|
export PATH="/opt/mssql-tools/bin:$PATH" |
||||
|
|
||||
|
echo "========================================================================" |
||||
|
echo " Connecting to SQL Server" |
||||
|
echo "========================================================================" |
||||
|
echo |
||||
|
|
||||
|
while ! sqlcmd -Usa "-P${SA_PASSWORD}" "-S${SQLSERVER_HOSTNAME},1433" -Q"SELECT @@version" &>/dev/null; do |
||||
|
echo "SQL Server not ready..." |
||||
|
sleep 5 |
||||
|
done |
||||
|
|
||||
|
echo OK |
||||
|
echo |
||||
|
|
||||
|
echo "========================================================================" |
||||
|
echo " Configuring SQL Server" |
||||
|
echo "========================================================================" |
||||
|
echo |
||||
|
|
||||
|
sqlcmd -Usa "-P${SA_PASSWORD}" "-S${SQLSERVER_HOSTNAME},1433" -Q" |
||||
|
CREATE DATABASE ${DATABASE_NAME};" |
||||
|
|
||||
|
sqlcmd -Usa "-P${SA_PASSWORD}" "-S${SQLSERVER_HOSTNAME},1433" "-d${DATABASE_NAME}" -Q" |
||||
|
CREATE SCHEMA ${SCHEMA_NAME}; |
||||
|
GO |
||||
|
CREATE LOGIN ${DATABASE_USERNAME} WITH PASSWORD = '${DATABASE_PASSWORD}', DEFAULT_DATABASE = ${DATABASE_NAME}; |
||||
|
GO |
||||
|
CREATE USER ${DATABASE_USERNAME} FOR LOGIN ${DATABASE_USERNAME} WITH DEFAULT_SCHEMA=${SCHEMA_NAME}; |
||||
|
GO |
||||
|
GRANT ALL PRIVILEGES ON SCHEMA::${SCHEMA_NAME} TO ${DATABASE_USERNAME} WITH GRANT OPTION; |
||||
|
GO |
||||
|
ALTER ROLE db_owner ADD MEMBER ${DATABASE_USERNAME}; |
||||
|
GO |
||||
|
" |
||||
|
|
||||
|
exit 0 |
||||
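Review bot: Every `sqlcmd` call passes the `sa` password as `-P${SA_PASSWORD}`, which puts it on the process command line where anything able to list processes in the container can read it; sqlcmd also reads `SQLCMDPASSWORD`, so `export SQLCMDPASSWORD="${SA_PASSWORD}"` once and dropping `-P` keeps it off argv. The secret values are also spliced straight into the T-SQL text: a `DATABASE_PASSWORD` containing `'` ends the string literal in `CREATE LOGIN`, and the database, schema and login names are unbracketed, so single quotes should be doubled and identifiers written as `[${DATABASE_NAME}]` (or validated against a strict pattern) before use. None of the calls pass `-b`, so a failing batch most likely still exits 0 and `set -Eeuo pipefail` never sees it; adding `-b` makes the Job fail visibly. `GRANT ALL PRIVILEGES ... WITH GRANT OPTION` followed by `db_owner` membership is redundant and broad, so it is worth checking whether the application login needs more than rights on its own schema.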
@ -0,0 +1,61 @@ |
|||||
|
apiVersion: apps/v1 |
||||
|
kind: Deployment |
||||
|
metadata: |
||||
|
name: sql-server |
||||
|
labels: |
||||
|
app: eshop |
||||
|
app.kubernetes.io/component: sql-server |
||||
|
app.kubernetes.io/instance: sql-server |
||||
|
app.kubernetes.io/name: sql-server |
||||
|
app.kubernetes.io/part-of: eshop |
||||
|
spec: |
||||
|
selector: |
||||
|
matchLabels: |
||||
|
app: sql-server |
||||
|
strategy: |
||||
|
type: Recreate |
||||
|
template: |
||||
|
metadata: |
||||
|
labels: |
||||
|
app: sql-server |
||||
|
spec: |
||||
|
containers: |
||||
|
- name: sql-server |
||||
|
image: mcr.microsoft.com/mssql/rhel/server:2019-latest |
||||
|
imagePullPolicy: "Always" |
||||
|
readinessProbe: |
||||
|
tcpSocket: |
||||
|
port: 1433 |
||||
|
initialDelaySeconds: 5 |
||||
|
periodSeconds: 10 |
||||
|
livenessProbe: |
||||
|
tcpSocket: |
||||
|
port: 1433 |
||||
|
initialDelaySeconds: 5 |
||||
|
periodSeconds: 10 |
||||
|
ports: |
||||
|
- containerPort: 1433 |
||||
|
volumeMounts: |
||||
|
- mountPath: /var/opt/mssql |
||||
|
name: database |
||||
|
env: |
||||
|
- name: MSSQL_PID |
||||
|
value: "Developer" |
||||
|
- name: ACCEPT_EULA |
||||
|
value: "Y" |
||||
|
- name: MSSQL_SA_PASSWORD |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: sql-server-seed |
||||
|
key: sa-password |
||||
|
restartPolicy: Always |
||||
|
terminationGracePeriodSeconds: 30 |
||||
|
dnsPolicy: ClusterFirst |
||||
|
securityContext: {} |
||||
|
schedulerName: default-scheduler |
||||
|
serviceAccountName: sql-server |
||||
|
serviceAccount: sql-server |
||||
|
volumes: |
||||
|
- name: database |
||||
|
persistentVolumeClaim: |
||||
|
claimName: sql-server |
||||
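Review bot: The image is pulled by the floating tag `2019-latest` with `imagePullPolicy: "Always"`, so each restart can run a different build than the one that was reviewed; the init Job's `quay.io/redhat_sa_france/sql-server-2019-cli:latest` has the same problem, and that container receives the `sa` password. Pinning both by digest, e.g. `image: mcr.microsoft.com/mssql/rhel/server@sha256:<digest>`, makes the deployed content reproducible. The pod also leaves `securityContext: {}` while its service account is bound to the `anyuid` SCC, and the container sets no `resources`; a container-level `securityContext` with `allowPrivilegeEscalation: false` and `runAsNonRoot: true` would be worth trying, assuming the image runs as a non-root user.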
@ -0,0 +1,65 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: ConfigMap |
||||
|
metadata: |
||||
|
name: sql-server-init-hook |
||||
|
data: |
||||
|
{{ (.Files.Glob "files/init-hook/*").AsConfig | indent 2 }} |
||||
|
--- |
||||
|
apiVersion: batch/v1 |
||||
|
kind: Job |
||||
|
metadata: |
||||
|
name: sql-server-init-hook |
||||
|
spec: |
||||
|
backoffLimit: 30 |
||||
|
template: |
||||
|
spec: |
||||
|
containers: |
||||
|
- name: hook |
||||
|
command: |
||||
|
- /entrypoint/configure-sql-server.sh |
||||
|
args: [] |
||||
|
image: quay.io/redhat_sa_france/sql-server-2019-cli:latest |
||||
|
imagePullPolicy: IfNotPresent |
||||
|
env: |
||||
|
- name: SA_PASSWORD |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: sql-server-seed |
||||
|
key: sa-password |
||||
|
- name: SQLSERVER_HOSTNAME |
||||
|
value: "sql-server" |
||||
|
- name: DATABASE_NAME |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: sql-server-seed |
||||
|
key: database-name |
||||
|
- name: SCHEMA_NAME |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: sql-server-seed |
||||
|
key: schema-name |
||||
|
- name: DATABASE_USERNAME |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: sql-server-seed |
||||
|
key: database-username |
||||
|
- name: DATABASE_PASSWORD |
||||
|
valueFrom: |
||||
|
secretKeyRef: |
||||
|
name: sql-server-seed |
||||
|
key: database-password |
||||
|
- name: USER |
||||
|
value: openshift |
||||
|
- name: HOME |
||||
|
value: /tmp |
||||
|
volumeMounts: |
||||
|
- mountPath: /entrypoint |
||||
|
name: script |
||||
|
readOnly: true |
||||
|
restartPolicy: OnFailure |
||||
|
terminationGracePeriodSeconds: 30 |
||||
|
volumes: |
||||
|
- name: script |
||||
|
configMap: |
||||
|
name: sql-server-init-hook |
||||
|
defaultMode: 0755 |
||||
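Review bot: The hook pod receives the `sa` and owner passwords but sets no `securityContext` and keeps the default service-account token mounted, although the script only talks to SQL Server. Adding `automountServiceAccountToken: false` to the pod spec and `securityContext: {allowPrivilegeEscalation: false}` on the `hook` container would narrow what a compromised image can reach. `backoffLimit: 30` with `restartPolicy: OnFailure` also re-runs a script that begins with an unconditional `CREATE DATABASE`, so a retry after a partial run would presumably fail on the first statement each time; guarding the statements with existence checks would make retries meaningful.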
@ -0,0 +1,30 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: ServiceAccount |
||||
|
metadata: |
||||
|
name: sql-server |
||||
|
--- |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: Role |
||||
|
metadata: |
||||
|
name: use-scc-anyuid |
||||
|
rules: |
||||
|
- apiGroups: |
||||
|
- security.openshift.io |
||||
|
resourceNames: |
||||
|
- anyuid |
||||
|
resources: |
||||
|
- securitycontextconstraints |
||||
|
verbs: |
||||
|
- use |
||||
|
--- |
||||
|
apiVersion: rbac.authorization.k8s.io/v1 |
||||
|
kind: RoleBinding |
||||
|
metadata: |
||||
|
name: sql-server-uses-scc-anyuid |
||||
|
roleRef: |
||||
|
apiGroup: rbac.authorization.k8s.io |
||||
|
kind: Role |
||||
|
name: use-scc-anyuid |
||||
|
subjects: |
||||
|
- kind: ServiceAccount |
||||
|
name: sql-server |
||||
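Review bot: Binding the `sql-server` service account to the `anyuid` SCC lets its pods run as any UID, including 0, and nothing in the Deployment narrows that (`securityContext: {}`). If the SQL Server image only needs a fixed non-root UID, listing the `nonroot` SCC in `resourceNames` would likely be enough. Otherwise the Role should carry a comment stating why `anyuid` is required, e.g. `# SQL Server image runs with a fixed UID outside the namespace range`, so the grant is not copied blindly into other charts.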
@ -0,0 +1,11 @@ |
|||||
|
apiVersion: v1 |
||||
|
kind: Secret |
||||
|
metadata: |
||||
|
name: sql-server-seed |
||||
|
stringData: |
||||
|
# BEWARE! Password complexity rules are enforced by SQL Server! |
||||
|
sa-password: {{ .Values.saPassword | quote }} |
||||
|
database-name: {{ .Values.database.name | quote }} |
||||
|
schema-name: {{ .Values.database.schema | quote }} |
||||
|
database-username: {{ .Values.database.owner.username | quote }} |
||||
|
database-password: {{ .Values.database.owner.password | quote }} |
||||
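Review bot: None of the values is checked, so an unset `saPassword` or owner password renders as an empty string and the chart installs with a blank credential; SQL Server would probably refuse it, but the failure then surfaces far from its cause. `sa-password: {{ required "saPassword must be set" .Values.saPassword | quote }}` fails at render time instead, and the same applies to the other four keys. Because the passwords come from chart values they are also kept in the Helm release record; if a default is shipped in `values.yaml` (not visible here) it should be a placeholder, or the chart could accept the name of a pre-created Secret.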
@ -0,0 +1,20 @@ |
|||||
|
kind: Service |
||||
|
apiVersion: v1 |
||||
|
metadata: |
||||
|
name: sql-server |
||||
|
labels: |
||||
|
app: eshop |
||||
|
app.kubernetes.io/component: sql-server |
||||
|
app.kubernetes.io/instance: sql-server |
||||
|
app.kubernetes.io/name: sql-server |
||||
|
app.kubernetes.io/part-of: eshop |
||||
|
spec: |
||||
|
ports: |
||||
|
- name: sql |
||||
|
protocol: TCP |
||||
|
port: 1433 |
||||
|
targetPort: 1433 |
||||
|
type: ClusterIP |
||||
|
sessionAffinity: None |
||||
|
selector: |
||||
|
app: sql-server |
||||
@ -0,0 +1,10 @@ |
|||||
|
kind: PersistentVolumeClaim |
||||
|
apiVersion: v1 |
||||
|
metadata: |
||||
|
name: sql-server |
||||
|
spec: |
||||
|
accessModes: |
||||
|
- ReadWriteOnce |
||||
|
resources: |
||||
|
requests: |
||||
|
storage: 8Gi |
||||