[POLICY] Changes for postgresql

Added postgres and to Chart.yaml and values.yaml
Changed policy job to create dbs in posgres if used

Issue-ID: POLICY-2715
Change-Id: Ia81b56faad85cdcdb261c2f369887dad3eee092d
Signed-off-by: saul.gill <saul.gill@est.tech>
Signed-off-by: Wayne Dunican <wayne.dunican@est.tech>
diff --git a/kubernetes/.gitignore b/kubernetes/.gitignore
index bc3a4f1..f2b64de 100644
--- a/kubernetes/.gitignore
+++ b/kubernetes/.gitignore
@@ -1 +1,3 @@
 chartstorage/
+**/charts/*.tgz
+helm/plugins/deploy/cache/
diff --git a/kubernetes/policy/Chart.yaml b/kubernetes/policy/Chart.yaml
index 677271c..d3b3c7b 100755
--- a/kubernetes/policy/Chart.yaml
+++ b/kubernetes/policy/Chart.yaml
@@ -85,3 +85,10 @@
   - name: serviceAccount
     version: ~10.x-0
     repository: '@local'
+  - name: readinessCheck
+    version: ~10.x-0
+    repository: '@local'
+  - name: postgres
+    version: ~10.x-0
+    repository: '@local'
+    condition: global.postgres.localCluster
diff --git a/kubernetes/policy/resources/config/db-pg.sh b/kubernetes/policy/resources/config/db-pg.sh
new file mode 100644
index 0000000..f26a80f
--- /dev/null
+++ b/kubernetes/policy/resources/config/db-pg.sh
@@ -0,0 +1,29 @@
+#!/bin/sh
+#
+# ============LICENSE_START=======================================================
+# Copyright (C) 2021-2022 Nordix Foundation.
+# ================================================================================
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#    http://www.apache.org/licenses/LICENSE-2.0
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+# SPDX-License-Identifier: Apache-2.0
+# ============LICENSE_END=========================================================
+#
+
+#psql() { /usr/bin/psql  -h ${PG_HOST} -p ${PG_PORT} "$@"; };
+
+export PGPASSWORD=${PG_ADMIN_PASSWORD};
+
+psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE USER ${PG_USER} WITH PASSWORD '${PG_USER_PASSWORD}'"
+
+for db in migration pooling policyadmin policyclamp operationshistory clampacm
+do
+    psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "CREATE DATABASE ${db};"
+    psql -h ${PG_HOST} -p ${PG_PORT} -U postgres --command "GRANT ALL PRIVILEGES ON DATABASE ${db} TO ${PG_USER};"
+done
diff --git a/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
new file mode 100644
index 0000000..53921ab
--- /dev/null
+++ b/kubernetes/policy/resources/config/db_migrator_pg_policy_init.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+{{/*
+# Copyright (C) 2022 Nordix Foundation.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+*/}}
+/opt/app/policy/bin/prepare_upgrade.sh ${SQL_DB}
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o upgrade
+rc=$?
+/opt/app/policy/bin/db-migrator-pg -s ${SQL_DB} -o report
+exit $rc
diff --git a/kubernetes/policy/templates/configmap.yaml b/kubernetes/policy/templates/configmap.yaml
index 17558f8..c8b01cc 100755
--- a/kubernetes/policy/templates/configmap.yaml
+++ b/kubernetes/policy/templates/configmap.yaml
@@ -1,7 +1,7 @@
 {{/*
 # Copyright © 2017 Amdocs, Bell Canada
 # Modifications Copyright © 2018, 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2021-2022 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
diff --git a/kubernetes/policy/templates/job.yaml b/kubernetes/policy/templates/job.yaml
index d59b5fe..9fea669 100755
--- a/kubernetes/policy/templates/job.yaml
+++ b/kubernetes/policy/templates/job.yaml
@@ -1,7 +1,7 @@
 {{/*
 # Copyright © 2018 Amdocs, Bell Canada
 # Modifications Copyright © 2020 AT&T Intellectual Property
-# Modifications Copyright (C) 2021 Nordix Foundation.
+# Modifications Copyright (C) 2022 Nordix Foundation.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -33,9 +33,9 @@
     spec:
       imagePullSecrets:
       - name: "{{ include "common.namespace" . }}-docker-registry-key"
-      initContainers:
+      initContainers: {{ if .Values.global.postgres.localCluster }}{{ include "common.readinessCheck.waitFor" . | nindent 6 }}{{ end }}
 #This container checks that all galera instances are up before initializing it.
-      - name: {{ include "common.name" . }}-readiness
+      - name: {{ include "common.name" . }}-mariadb-readiness
         image: {{ include "repositoryGenerator.image.readiness" . }}
         imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
         command:
@@ -71,6 +71,33 @@
           value: "{{ index .Values "mariadb-galera" "service" "internalPort" }}"
         resources:
 {{ include "common.resources" . }}
+      {{ if .Values.global.postgres.localCluster }}
+      - name: {{ include "common.release" . }}-policy-pg-config
+        image: {{ .Values.repository }}/{{ .Values.postgresImage }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+          - mountPath: /docker-entrypoint-initdb.d/db-pg.sh
+            name: {{ include "common.fullname" . }}-config
+            subPath: db-pg.sh
+        command:
+          - /bin/sh
+        args:
+          - -x
+          - /docker-entrypoint-initdb.d/db-pg.sh
+        env:
+          - name: PG_ADMIN_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-root-pass" "key" "password") | indent 12 }}
+          - name: PG_HOST
+            value: "{{ .Values.postgres.service.name2 }}"
+          - name: PG_USER
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 12 }}
+          - name: PG_USER_PASSWORD
+            {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 12 }}
+          - name: PG_PORT
+            value: "{{ .Values.postgres.service.internalPort }}"
+        resources:
+{{ include "common.resources" . }}
+      {{ end }}
       containers:
       - name: {{ include "common.release" . }}-policy-galera-db-migrator
         image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
@@ -95,8 +122,41 @@
           value: {{ .Values.dbmigrator.schema }}
         - name: POLICY_HOME
           value: {{ .Values.dbmigrator.policy_home }}
+        - name: SCRIPT_DIRECTORY
+          value: "sql"
         resources:
 {{ include "common.resources" . }}
+      {{ if .Values.global.postgres.localCluster }}
+      - name: {{ include "common.release" . }}-policy-pg-db-migrator
+        image: {{ include "repositoryGenerator.repository" . }}/{{ .Values.dbmigrator.image }}
+        imagePullPolicy: {{ .Values.global.pullPolicy | default .Values.pullPolicy }}
+        volumeMounts:
+          - mountPath: /dbcmd-config/db_migrator_pg_policy_init.sh
+            name: {{ include "common.fullname" . }}-config
+            subPath: db_migrator_pg_policy_init.sh
+        command:
+          - /bin/sh
+        args:
+          - -x
+          - /dbcmd-config/db_migrator_pg_policy_init.sh
+        env:
+        - name: SQL_HOST
+          value: "{{ .Values.postgres.service.name2 }}"
+        - name: SQL_USER
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "login") | indent 10 }}
+        - name: SQL_PASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+        - name: SQL_DB
+          value: {{ .Values.dbmigrator.schema }}
+        - name: POLICY_HOME
+          value: {{ .Values.dbmigrator.policy_home }}
+        - name: SCRIPT_DIRECTORY
+          value: "postgres"
+        - name: PGPASSWORD
+          {{- include "common.secret.envFromSecretFast" (dict "global" . "uid" "pg-user-creds" "key" "password") | indent 10 }}
+        resources:
+{{ include "common.resources" . }}
+      {{ end }}
       restartPolicy: Never
       serviceAccountName: {{ include "common.fullname" (dict "suffix" "read" "dot" . )}}
       volumes:
@@ -108,3 +168,8 @@
                 path: db.sh
               - key: db_migrator_policy_init.sh
                 path: db_migrator_policy_init.sh
+              - key: db-pg.sh
+                path: db-pg.sh
+              - key: db_migrator_pg_policy_init.sh
+                path: db_migrator_pg_policy_init.sh
+
diff --git a/kubernetes/policy/values.yaml b/kubernetes/policy/values.yaml
index 6ef71c1..a315bc2 100755
--- a/kubernetes/policy/values.yaml
+++ b/kubernetes/policy/values.yaml
@@ -28,6 +28,14 @@
       name: &policy-mariadb policy-mariadb
       internalPort: 3306
   prometheusEnabled: false
+  postgres:
+    localCluster: false
+    service:
+      name: pgset
+      name2: tcp-pgset-primary
+      name3: tcp-pgset-replica
+    container:
+      name: postgres
 
 #################################################################
 # Secrets metaconfig
@@ -67,6 +75,19 @@
     login: '{{ .Values.restServer.policyApiUserName }}'
     password: '{{ .Values.restServer.policyApiUserPassword }}'
     passwordPolicy: required
+  - uid: pg-root-pass
+    name: &pgRootPassSecretName '{{ include "common.release" . }}-policy-pg-root-pass'
+    type: password
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgRootPasswordExternalSecret) .) (hasSuffix "policy-pg-root-pass" .Values.postgres.config.pgRootPasswordExternalSecret) }}'
+    password: '{{ .Values.postgres.config.pgRootpassword }}'
+    policy: generate
+  - uid: pg-user-creds
+    name: &pgUserCredsSecretName '{{ include "common.release" . }}-policy-pg-user-creds'
+    type: basicAuth
+    externalSecret: '{{ ternary "" (tpl (default "" .Values.postgres.config.pgUserExternalSecret) .) (hasSuffix "policy-pg-user-creds" .Values.postgres.config.pgUserExternalSecret) }}'
+    login: '{{ .Values.postgres.config.pgUserName }}'
+    password: '{{ .Values.postgres.config.pgUserPassword }}'
+    passwordPolicy: generate
 
 db: &dbSecretsHook
   credsExternalSecret: *dbSecretName
@@ -181,6 +202,31 @@
   serviceAccount:
     nameOverride: *policy-mariadb
 
+postgresImage: library/postgres:latest
+# application configuration override for postgres
+postgres:
+  nameOverride: &postgresName policy-postgres
+  service:
+    name: *postgresName
+    name2: policy-pg-primary
+    name3: policy-pg-replica
+  container:
+    name:
+      primary: policy-pg-primary
+      replica: policy-pg-replica
+  persistence:
+    mountSubPath: policy/postgres/data
+    mountInitPath: policy
+  config:
+    pgUserName: policy_user
+    pgDatabase: policyadmin
+    pgUserExternalSecret: *pgUserCredsSecretName
+    pgRootPasswordExternalSecret: *pgRootPassSecretName
+
+readinessCheck:
+  wait_for:
+    - '{{ ternary .Values.postgres.service.name "postgres" .Values.global.postgres.localCluster }}'
+
 restServer:
   policyPapUserName: policyadmin
   policyPapUserPassword: zb!XztG34