ESS helm charts - preserve secret

CHEFS - update stream configuration only if needed
bcgov · Nov 23, 2024 · 3735257 · 3735257
1 parent e6fa1df
commit 3735257
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 21 deletions.
diff --git a/app/src/components/eventStreamService.js b/app/src/components/eventStreamService.js
@@ -138,32 +138,50 @@ class EventStreamService {
           name: this.streamName,
           subjects: [`${this.publicSubject}.>`, `${this.privateSubject}.>`],
         };
+        let streamInfo;
         try {
           // this will throw an error if stream is not created.
-          await this.jsm.streams.info(cfg.name);
+          streamInfo = await this.jsm.streams.info(cfg.name);
         } catch (err) {
           // catch the error and add the stream, it doesn't exist!
           if (err.message === 'stream not found') {
             log.info(`Stream: ${cfg.name} not found, creating stream...`, { function: 'openConnection' });
+            Object.assign(
+              cfg,
+              { max_msgs: this.maxMsgs, max_bytes: this.maxBytes, max_msg_size: this.maxMsgSize, num_replicas: this.numReplicas },
+              { max_age: nanos(this.maxAge), duplicate_window: nanos(this.duplicateWindow) }
+            );
             await this.jsm.streams.add(cfg);
             log.info(`Stream: ${cfg.name} created.`, { function: 'openConnection' });
           }
         }
         try {
-          log.info(`Stream: ${cfg.name} updating max_msgs/max_bytes/max_msg_size/num_replicas...`, { function: 'openConnection' });
-          // let's ensure that we have the current configuration
-          await this.jsm.streams.update(cfg.name, { max_msgs: this.maxMsgs, max_bytes: this.maxBytes, max_msg_size: this.maxMsgSize, num_replicas: this.numReplicas });
-          await new Promise((r) => setTimeout(r, 1000));
-          log.info(`Stream: ${cfg.name} max_msgs/max_bytes/max_msg_size/num_replicas configuration updated.`, { function: 'openConnection' });
-        } catch (err) {
-          log.error(err.message, { function: 'openConnection' });
-        }
-        try {
-          log.info(`Stream: ${cfg.name} updating max_age/duplicate_window...`, { function: 'openConnection' });
-          // let's ensure that we have the current configuration
-          await this.jsm.streams.update(cfg.name, { max_age: nanos(this.maxAge), duplicate_window: nanos(this.duplicateWindow) });
-          await new Promise((r) => setTimeout(r, 1000));
-          log.info(`Stream: ${cfg.name} max_age/duplicate_window configuration updated.`, { function: 'openConnection' });
+          streamInfo = await this.jsm.streams.info(cfg.name);
+          const upd = {};
+          if (streamInfo.config.max_msgs !== this.maxMsgs) {
+            upd['max_msgs'] = this.maxMsgs;
+          }
+          if (streamInfo.config.max_bytes !== this.maxBytes) {
+            upd['max_bytes'] = this.maxBytes;
+          }
+          if (streamInfo.config.max_msg_size !== this.maxMsgSize) {
+            upd['max_msg_size'] = this.maxMsgSize;
+          }
+          if (streamInfo.config.num_replicas !== this.numReplicas) {
+            upd['num_replicas'] = this.maxMsgs;
+          }
+          if (streamInfo.config.max_age !== nanos(this.maxAge)) {
+            upd['max_age'] = nanos(this.maxAge);
+          }
+          if (streamInfo.config.duplicate_window !== nanos(this.duplicateWindow)) {
+            upd['duplicate_window'] = nanos(this.duplicateWindow);
+          }
+          if (Object.keys(upd).length) {
+            log.info(`Stream: ${cfg.name} updating configuration...`, { function: 'openConnection' });
+            await this.jsm.streams.update(cfg.name, upd);
+            await new Promise((r) => setTimeout(r, 1000));
+            log.info(`Stream: ${cfg.name} configuration updated.`, { function: 'openConnection' });
+          }
         } catch (err) {
           log.error(err.message, { function: 'openConnection' });
         }

diff --git a/event-stream-service/charts/event-stream-service/README.md b/event-stream-service/charts/event-stream-service/README.md
@@ -26,19 +26,21 @@ helm upgrade --install event-stream-service ./charts/event-stream-service -f ./c
 To set up a CHEFS instance to use this installation of Event Stream Service, you will need to know the server name and you will need the generated secret for the `chefs` account.
 
 Find the `ess-nginx-route` and note the location. The Event Stream Service server will be the host (so no `https://` and no path).
-Find the `ess-nats-auth` and copy the value for `chefs_pwd`.
+Find the `ess-nats-auth` secret and copy the value for `chefs_pwd`.
 
 ### To remove
 
 1. get your Openshift token
 2. use oc login to your namespace
 3. run the `helm` uninstall command
-4. if permanently deleting, then run the `oc delete pvc` command to remove the persistent storage
+4. if wanting to do a clean install later, then run the `oc delete pvc` command to remove the persistent storage
+5. if permanently deleting, then run the `oc delete secret` command to remove the secret
 
 ```
 oc login --token=sha256~yk5BCjn0syJV0qXEyPk12s09v-RIdmTeLVdQmQrQEBc --server=https://api.silver.devops.gov.bc.ca:6443
 helm uninstall event-stream-service
 oc delete pvc -l 'app.kubernetes.io/instance=event-stream-service'
+oc delete secret -l 'app.kubernetes.io/instance=event-stream-service'
 ```
 
 ## Future
@@ -47,7 +49,7 @@ We will need to create different param override (values) files for each instance
 You can specify the '--values'/'-f' flag multiple times. The priority will be given to the last (right-most) file specified.
 
 ```
-helm upgrade --install event-stream-service ./charts/event-stream-service -f ./charts/event-stream-service/values.yaml -f ./charts/event-stream-service/values-dev.yaml
+helm upgrade --install event-stream-service ./charts/event-stream-service -f ./charts/event-stream-service/values.yaml -f ./charts/event-stream-service/values-prod.yaml
 ```
 
 This would apply our default values file (`values.yaml`) with any overrides found in `values-prod.yaml` taking priority.
diff --git a/event-stream-service/charts/event-stream-service/templates/nats-secrets.yaml b/event-stream-service/charts/event-stream-service/templates/nats-secrets.yaml
@@ -9,9 +9,8 @@ metadata:
   name: {{ $secretName }}
   namespace: {{ include "common.names.namespace" . | quote }}
   labels: {{- include "common.labels.standard" ( dict "customLabels" .Values.commonLabels "context" $ ) | nindent 4 }}
-  {{- if .Values.commonAnnotations }}
-  annotations: {{- include "common.tplvalues.render" ( dict "value" .Values.commonAnnotations "context" $ ) | nindent 4 }}
-  {{- end }}
+  annotations:
+    helm.sh/resource-policy: keep
 data:
   sysadmin_pwd: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "sysadmin_pwd" "defaultValue" $sysadminPwdValue "context" $) }}
   admin_pwd: {{ include "common.secrets.lookup" (dict "secret" $secretName "key" "admin_pwd" "defaultValue" $adminPwdValue "context" $) }}