Be explicit about Helm file dependencies on external files

We should be depending as little as possible on files outside of the repository, to ensure we have a portable and maintainable setup.

As of right now, I found that the following files are outside of the repository:

  • run_systemtest.sh
    • /opt/kubernetes/CTA/ .. oracle-creds.yaml
    • /opt/kubernetes/CTA/ .. pgsched-creds.yaml
    • /opt/kubernetes/CTA/ .. objectstore-file.yaml
  • create_instance.sh
    • /opt/kubernetes/CTA/objectstore/objectstore-file.yaml
    • /opt/kubernetes/CTA/database/oracle-creds.yaml
    • /opt/kubernetes/CTA/library/config/library-config-${LIBRARY_DEVICE}.yaml

This can be divided into three parts:

Catalogue credentials

To my understanding, the current workflow is this:

  1. The user provided the *-creds.yaml values file to the helm install command (using -f).
  2. These are then used in catalogue-config.yaml to create the database-config ConfigMap.
  3. The database-config ConfigMap is then mounted to /etc/config/database
  4. The init_database.sh script in continuousintegration/docker/ctafrontend/opt/run/bin/init_database.sh then uses these values to initialise two environment variables: DATABASETYPE and DATABASEURL. This script is run in several containers.
  5. These variables are used to generate some config files

There are also definitions related to the catalogue config the _helpers.tpl in the init chart. These convert the catalogue related values into a bunch of database.* properties. However, this seems to be unused.

On the whole, this process is very complex and difficult to follow. We should be able to provide the generated config map immediately.

This removes the entire need for the init_database.sh scripts and makes the pipeline significantly cleaner. It cleans up the values.yml as well and removes the need for outside scripts. When non-dummy variables are used, the user just needs to ensure that the relevant secret is on the machine (and we can provide a simple script for generating this secret)

Scheduler credentials

This can most likely be done in a similar way to the catalogue. TBD...

Library config

This will be part of cleaning up the library and minikube_cta_ci setup.

Edited by Niels Alexander Buegel