This project creates a hasura zero downtime deployment for scenarios when there is a rotating credential that expires after a certain duration and needs to be refreshed & reloaded into hasura as an environment variable.
Edit the ENV variables in the Dockerfile located at /Docker/Dockerfile. This file has two environment variables:
-
TOKEN_REFRESH_ENDPOINT - The endpoint of the IDP provider in which the token will need to be retrieved.
Example:
TOKEN_REFRESH_ENDPOINT:http://localhost:3414
-
TOKEN_REFRESH_PERIOD - The time period denoted in cron-tab that the (
secret-refresh-pod
) will run a job to refresh the token. I suggest not setting this value above 28 minutes to ensure there is a buffer between the token expiration and the time it takes for nodes to restart.Example: TOKEN_REFRESH_PERIOD:"* */25 * * * *"
-
Build the Dockerfile - In the Dockerfile directory /Docker/Dockerfile, build the Dockerfile using the tag 'secret-refresh-pod'
Example: Docker build -t 'secret-refresh-pod'
Edit the ENV variables in the K8s deployment file located at /k8s/Deployment. This file has two environment variables:
-
HASURA_GRAPHQL_DATABASE_URL: postgres DB connection string
Example: HASURA_GRAPHQL_DATABASE_URL:postgres://postgres:postgrespassword@10.100.140.14:5432/postgres
-
(OPTIONAL) JWT_SERVICE_TOKEN: this is the JWT env variable that will be refreshed. The name can changed.
kubectl apply -f db_pod.yaml
kubectl apply -f db_svc.yaml
kubectl apply -f scrt.yaml
kubectl apply -f role.yaml
kubectl apply -f deployment.yaml
kubectl apply -f deployment_svc.yaml