fix: All jobs responsible for initial configuration will have -on-deploy suffix

.github/workflows/deploy-opencrvs.yml

@@ -14,11 +14,11 @@ on:
       core-image-tag:
         description: "Tag of the core image"
         required: true
-        default: "v1.9.1"
+        default: "v1.9.3"
       countryconfig-image-tag:
         description: "Tag of the countryconfig image"
         required: true
-        default: "v1.9.1"
+        default: "v1.9.3"
       environment:
         description: "Target environment"
         required: true

.github/workflows/k8s-reset-data.yml

@@ -82,7 +82,7 @@ jobs:
       matrix:
         job-name:
           - data-cleanup
-          - postgres-on-update-core
+          - postgres-on-deploy
           - data-migration
           - postgres-on-update-analytics
     steps:

charts/opencrvs-services/Chart.yaml

@@ -2,5 +2,5 @@ apiVersion: v2
 name: opencrvs-services
 description: OpenCRVS Services
 type: application
-version: 0.1.23
-appVersion: 1.9.0
+version: 0.1.24
+appVersion: 1.9.3

charts/opencrvs-services/README.md

@@ -780,3 +780,19 @@ In this example:
 - `KIBANA_SYSTEM`, `METRICBEAT`, and `APM` will use the specified usernames (`kibana_system`, `beats_system`, `apm_system`) with random passwords.
 
 The generated credentials can be accessed from the `elasticsearch-opencrvs-users` secret.
+
+# Additional information
+
+## Helm chart hooks
+
+Helm chart has following pre-install/upgrade hooks:
+- elasticsearch-on-deploy: create elasticsearch users and configure permissions, see `elasticsearch` configuration options for more details how to configure users and permissions
+- influxdb-on-deploy: create database
+- mongo-on-deploy: create databases and users with correct permissions, see `mongodb` configuration options for more details how to configure users and permissions
+- postgres-on-deploy: create database, schemas and users with correct permissions 
+
+Helm chart has following post-install/upgrade hooks:
+- data-migration: apply data migrations to postgres, mongodb, influxdb
+- data-migration-analytics: apply data migrations to postgres, this hook use Countryconfig assets docker image, see documentation on how to create own analytics dashboards.
+- data-seed: initial data seed, runs only on post-install
+- elasticsearch-reindex: reindex data after deployment

charts/opencrvs-services/templates/dashboards-deployment.yaml

@@ -58,7 +58,7 @@ spec:
             - sh
             - -c
             - >
-              cp -R /assets/* /data-assets/ &&
+              cp -R /assets/metabase/* /data-assets/ &&
               chmod +x /data-assets/*.sh || true
           volumeMounts:
             - name: assets

charts/opencrvs-services/templates/postgres-on-update-analytics-job.yaml → charts/opencrvs-services/templates/data-migration-analytics-job.yaml

@@ -1,23 +1,38 @@
 ---
+# TODO: REVIEW: Refactor job move to countryconfig assets
+#       - create dedicated Dockerfile for a job in countryconfig
+#       - package migration assets
+#       - delete setup-analytics.sh from helm chart
 apiVersion: batch/v1
 kind: Job
 metadata:
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-weight": "3"
   labels:
-    app: postgres-on-update-analytics
-  name: postgres-on-update-analytics
+    app: data-migration-analytics
+  name: data-migration-analytics
 spec:
   template:
     metadata:
       labels:
-        app: postgres-on-update-analytics
+        app: data-migration-analytics
     spec:
+      initContainers:
+        - name: copy-assets
+          image: "{{ .Values.countryconfig.image.name }}:{{ .Values.countryconfig.image.tag }}-assets"
+          command:
+            - sh
+            - -c
+            - >
+              cp -R /assets/postgres/* /data-assets/ &&
+              chmod +x /data-assets/*.sh || true
+          volumeMounts:
+            - name: assets
+              mountPath: /data-assets
       containers:
-        - name: postgres-on-update-analytics
-          command: ["bash", "-c", "/scripts/setup-analytics.sh"]
-          # command: ["bash", "-c", "/scripts/on-deploy.sh;"]
+        - name: data-migration-analytics
+          command: ["bash", "-c", "/data-assets/setup-analytics.sh"]
           image: postgres:17
           env:
             - name: POSTGRES_HOST
@@ -73,11 +88,9 @@ spec:
                   key: EVENTS_ANALYTICS_POSTGRES_PASSWORD
           {{- include "render-env-vars" (dict "service_name" "postgres_on_deploy" "Values" .Values) }}
           volumeMounts:
-            - mountPath: /scripts
-              name: postgres-on-update-script
+            - name: assets
+              mountPath: /data-assets
       volumes:
-        - name: postgres-on-update-script
-          configMap:
-            name: postgres-on-update-script
-            defaultMode: 0755
+        - name: assets
+          emptyDir: {}
       restartPolicy: "OnFailure"

charts/opencrvs-services/templates/mongo-on-update-configmap.yaml → charts/opencrvs-services/templates/mongo-on-deploy-configmap.yaml

@@ -10,5 +10,5 @@ metadata:
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-weight": "0"
-  name: mongo-on-update-script
+  name: mongo-on-deploy-script
 {{- end }}

charts/opencrvs-services/templates/mongo-on-update.yaml → charts/opencrvs-services/templates/mongo-on-deploy.yaml

@@ -57,11 +57,11 @@ spec:
           {{- end }}
           volumeMounts:
             - mountPath: /on-deploy.sh
-              name: mongo-on-update-script
+              name: mongo-on-deploy-script
               subPath: on-deploy.sh
       volumes:
-        - name: mongo-on-update-script
+        - name: mongo-on-deploy-script
           configMap:
-            name: mongo-on-update-script
+            name: mongo-on-deploy-script
       restartPolicy: "OnFailure"
   {{- end }}

charts/opencrvs-services/templates/postgres-on-update-configmap.yaml → charts/opencrvs-services/templates/postgres-on-deploy-configmap.yaml

@@ -3,6 +3,7 @@ apiVersion: v1
 data:
   on-deploy.sh: |
     {{- .Files.Get "files/postgres-on-deploy.sh" | indent 8 }}
+  # TODO: Move to dedicated configmap
   setup-analytics.sh: |
     {{- .Files.Get "files/setup-analytics.sh" | indent 8 }}
 kind: ConfigMap
@@ -12,4 +13,4 @@ metadata:
   annotations:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-weight": "0"
-  name: postgres-on-update-script
+  name: postgres-on-deploy-script

charts/opencrvs-services/templates/postgres-on-update-core-job.yaml → charts/opencrvs-services/templates/postgres-on-deploy-job.yaml

@@ -6,16 +6,16 @@ metadata:
     "helm.sh/hook": pre-install,pre-upgrade
     "helm.sh/hook-weight": "1"
   labels:
-    app: postgres-on-update-core
-  name: postgres-on-update-core
+    app: postgres-on-deploy
+  name: postgres-on-deploy
 spec:
   template:
     metadata:
       labels:
-        app: postgres-on-update-core
+        app: postgres-on-deploy
     spec:
       containers:
-        - name: postgres-on-update-core
+        - name: postgres-on-deploy
           command: ["bash", "-c", "/scripts/on-deploy.sh"]
           image: postgres:17
           env:
@@ -73,10 +73,10 @@ spec:
           {{- include "render-env-vars" (dict "service_name" "postgres_on_deploy" "Values" .Values) }}
           volumeMounts:
             - mountPath: /scripts
-              name: postgres-on-update-script
+              name: postgres-on-deploy-script
       volumes:
-        - name: postgres-on-update-script
+        - name: postgres-on-deploy-script
           configMap:
-            name: postgres-on-update-script
+            name: postgres-on-deploy-script
             defaultMode: 0755
       restartPolicy: "OnFailure"