fix: add secure postgres db samples, fixes RHOAIENG-6712

dhirajsb · dhirajsb · commit 4bed142fb0fe · 2024-05-02T22:35:48.000-07:00
diff --git a/README.md b/README.md
@@ -64,6 +64,8 @@ make deploy
 * [PostgreSQL with Istio and TLS](config/samples/istio/postgres-tls) PostgreSQL database, Istio, and TLS Gateway endpoints
 * [Secure MySQL without Istio](config/samples/secure-db/mysql) plain Kubernetes model registry services with a sample SSL secured MySQL database
 * [Secure MySQL with Istio](config/samples/secure-db/mysql-tls) SSL secured MySQL database, Istio, and TLS Gateway
+* [Secure PostgreSQL without Istio](config/samples/secure-db/postgres) plain Kubernetes model registry services with a sample SSL secured PostgreSQL database
+* [Secure PostgreSQL with Istio](config/samples/secure-db/postgres-tls) SSL secured PostgreSQL database, Istio, and TLS Gateway
 
 #### Istio Samples
 **WARNING:** Istio samples without TLS are only meant for testing and demos to avoid having to create TLS certificates. They should only be used in local development clusters. 
@@ -152,6 +154,8 @@ kubectl apply -k config/samples/istio/mysql-tls
 kubectl apply -k config/samples/istio/postgres-tls
 kubectl apply -k config/samples/secure-db/mysql
 kubectl apply -k config/samples/secure-db/mysql-tls
+kubectl apply -k config/samples/secure-db/postgres
+kubectl apply -k config/samples/secure-db/postgres-tls
 ```
 
 This will create the appropriate database and model registry resources, which will be reconciled in the controller to create a model registry deployment with other Kubernetes, Istio, and Authorino resources as needed.
diff --git a/config/samples/secure-db/components/postgres/kustomization.yaml b/config/samples/secure-db/components/postgres/kustomization.yaml
@@ -0,0 +1,15 @@
+apiVersion: kustomize.config.k8s.io/v1alpha1
+kind: Component
+## Append samples of your project ##
+
+# MySQL tls args patch
+patches:
+  - path: postgres-ssl-args.yaml
+    target:
+      group: apps
+      version: v1
+      kind: Deployment
+      name: model-registry-db
+  - path: secure_postgres_modelregistry.yaml
+
+#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/secure-db/components/postgres/postgres-ssl-args.yaml b/config/samples/secure-db/components/postgres/postgres-ssl-args.yaml
@@ -0,0 +1,11 @@
+- op: add
+  path: /spec/template/spec/containers/0/args
+  value:
+    - -c
+    - ssl_cert_file=/etc/server-cert/tls.crt
+    - -c
+    - ssl_key_file=/etc/server-cert/tls.key
+    - -c
+    - ssl_ca_file=/etc/server-cert/ca.crt
+    - -c
+    - ssl=on
diff --git a/config/samples/secure-db/components/postgres/secure_postgres_modelregistry.yaml b/config/samples/secure-db/components/postgres/secure_postgres_modelregistry.yaml
@@ -0,0 +1,10 @@
+apiVersion: modelregistry.opendatahub.io/v1alpha1
+kind: ModelRegistry
+metadata:
+  name: modelregistry-sample
+spec:
+  postgres:
+    sslMode: verify-ca
+    sslRootCertificateSecret:
+      name: model-registry-db-credential
+      key: ca.crt
diff --git a/config/samples/secure-db/postgres-tls/kustomization.yaml b/config/samples/secure-db/postgres-tls/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+## Append samples of your project ##
+resources:
+  - ../../istio/postgres-tls
+
+components:
+  - ../components
+  - ../components/postgres
+
+#+kubebuilder:scaffold:manifestskustomizesamples
diff --git a/config/samples/secure-db/postgres/kustomization.yaml b/config/samples/secure-db/postgres/kustomization.yaml
@@ -0,0 +1,11 @@
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
+## Append samples of your project ##
+resources:
+  - ../../postgres
+
+components:
+  - ../components
+  - ../components/postgres
+
+#+kubebuilder:scaffold:manifestskustomizesamples
