Skip to content

swh/scrubber: Fix journal checker client overrides

Vincent Sellier requested to merge scrubber-staging into staging

Related to swh/infra/sysadm-environment#5108 (closed)

helm diff
[swh] Comparing changes between branches production and scrubber-staging (per environment)...
M	swh/values/minikube.yaml
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment staging, namespace swh...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra...
[swh] Generate config in production branch for environment staging, namespace swh-cassandra-next-version...
M	swh/values/minikube.yaml
[swh] Generate config in scrubber-staging branch for environment staging...
[swh] Generate config in scrubber-staging branch for environment staging...
[swh] Generate config in scrubber-staging branch for environment staging...
M	swh/values/minikube.yaml
Your branch is up to date with 'origin/production'.
[swh] Generate config in production branch for environment production, namespace swh...
[swh] Generate config in production branch for environment production, namespace swh-cassandra...
[swh] Generate config in production branch for environment production, namespace swh-cassandra-next-version...
M	swh/values/minikube.yaml
[swh] Generate config in scrubber-staging branch for environment production...
[swh] Generate config in scrubber-staging branch for environment production...
[swh] Generate config in scrubber-staging branch for environment production...


------------- diff for environment staging namespace swh -------------

--- /tmp/swh-chart.swh.m0jEJ96G/staging-swh.before	2023-11-07 16:40:42.450456300 +0100
+++ /tmp/swh-chart.swh.m0jEJ96G/staging-swh.after	2023-11-07 16:40:43.126459760 +0100
@@ -3102,20 +3102,120 @@
 kind: ConfigMap
 metadata:
   name: scheduler-update-metrics-configuration-template
   namespace: swh
 data:
   config.yml.template: |
     scheduler:
       cls: remote
       url: http://scheduler.internal.staging.swh.network
 ---
+# Source: swh/templates/scrubber/journal-checker-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: scrubber-journalchecker-directory-template
+data:
+  config.yml.template: |
+    scrubber:
+      cls: postgresql
+      db: host=db1.internal.staging.swh.network port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
+    journal:
+      brokers:
+        - journal1.internal.staging.swh.network:9094
+        - journal2.internal.staging.swh.network:9094
+      batch_size: 100
+      cls: kafka
+      group_id: swh-archive-stg-journalchecker
+      on_eof: restart
+      prefix: swh.journal.objects
+      sasl.mechanism: SCRAM-SHA-512
+      sasl.password: ${BROKER_USER_PASSWORD}
+      sasl.username: swh-archive-stg
+      security.protocol: SASL_SSL
+---
+# Source: swh/templates/scrubber/journal-checker-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: scrubber-journalchecker-release-template
+data:
+  config.yml.template: |
+    scrubber:
+      cls: postgresql
+      db: host=db1.internal.staging.swh.network port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
+    journal:
+      brokers:
+        - journal1.internal.staging.swh.network:9094
+        - journal2.internal.staging.swh.network:9094
+      batch_size: 200
+      cls: kafka
+      group_id: swh-archive-stg-journalchecker
+      on_eof: restart
+      prefix: swh.journal.objects
+      privileged: true
+      sasl.mechanism: SCRAM-SHA-512
+      sasl.password: ${BROKER_USER_PASSWORD}
+      sasl.username: swh-archive-stg
+      security.protocol: SASL_SSL
+---
+# Source: swh/templates/scrubber/journal-checker-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: scrubber-journalchecker-revision-template
+data:
+  config.yml.template: |
+    scrubber:
+      cls: postgresql
+      db: host=db1.internal.staging.swh.network port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
+    journal:
+      brokers:
+        - journal1.internal.staging.swh.network:9094
+        - journal2.internal.staging.swh.network:9094
+      cls: kafka
+      group_id: swh-archive-stg-journalchecker
+      on_eof: restart
+      prefix: swh.journal.objects
+      privileged: true
+      sasl.mechanism: SCRAM-SHA-512
+      sasl.password: ${BROKER_USER_PASSWORD}
+      sasl.username: swh-archive-stg
+      security.protocol: SASL_SSL
+---
+# Source: swh/templates/scrubber/journal-checker-configmap.yaml
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  namespace: swh
+  name: scrubber-journalchecker-snapshot-template
+data:
+  config.yml.template: |
+    scrubber:
+      cls: postgresql
+      db: host=db1.internal.staging.swh.network port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
+    journal:
+      brokers:
+        - journal1.internal.staging.swh.network:9094
+        - journal2.internal.staging.swh.network:9094
+      cls: kafka
+      group_id: swh-archive-stg-journalchecker
+      on_eof: restart
+      prefix: swh.journal.objects
+      sasl.mechanism: SCRAM-SHA-512
+      sasl.password: ${BROKER_USER_PASSWORD}
+      sasl.username: swh-archive-stg
+      security.protocol: SASL_SSL
+---
 # Source: swh/templates/search/journal-client-configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: search-journal-client-indexed-configuration-template
   namespace: swh
 data:
   config.yml.template: |
     search:
       cls: remote
@@ -3906,23 +4006,30 @@
   name: toolbox-scrubber-journal-template
   namespace: swh
 data:
   config.yml.template: |
     
     scrubber:
       cls: postgresql
       db: host=db1.internal.staging.swh.network port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
     journal:
       brokers:
-        - journal1.internal.staging.swh.network
-        - journal2.internal.staging.swh.network
-      group_id: changeme
+        - journal1.internal.staging.swh.network:9094
+        - journal2.internal.staging.swh.network:9094
+      cls: kafka
+      group_id: swh-archive-stg-journalchecker
+      on_eof: restart
+      prefix: swh.journal.objects
+      sasl.mechanism: SCRAM-SHA-512
+      sasl.password: ${BROKER_USER_PASSWORD}
+      sasl.username: swh-archive-stg
+      security.protocol: SASL_SSL
 ---
 # Source: swh/templates/toolbox/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: toolbox-storage-template
   namespace: swh
 data:
   config.yml.template: |
     
@@ -10387,20 +10494,588 @@
       volumes:
       - name: configuration
         emptyDir: {}
       - name: configuration-template
         configMap:
           name: scheduler-rpc-configuration-template
           items:
           - key: "config.yml.template"
             path: "config.yml.template"
 ---
+# Source: swh/templates/scrubber/journal-checker-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scrubber-journalchecker-directory
+  namespace: swh
+  labels:
+    app: scrubber-journalchecker-directory
+spec:
+  revisionHistoryLimit: 2
+  replicas: 1
+  selector:
+    matchLabels:
+      app: scrubber-journalchecker-directory
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: scrubber-journalchecker-directory
+      annotations:
+        # Force a rollout upgrade if the configuration changes
+        checksum/config: 070ab4b7bea7898b75aec74ea0c11f3500065a486c7c3877080a6d1d65493a8c
+    spec:
+      affinity:
+        
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/scrubber
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-background-workload
+      
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          env:
+          
+          - name: SCRUBBER_POSTGRESQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-scrubber-postgresql-common-secret
+                key: postgres-swh-scrubber-password
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          
+          
+          - name: BROKER_USER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER_PASSWORD
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+        # TODO: Add the "datastore" registration
+        # A workaround is needed as the registration is not idempotent
+        # and can be launched each time a journal client is launched
+        - name: check-migration
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+          command:
+          - /entrypoints/check-scrubber-db-version.sh
+          env:
+          - name: MODULE
+            value: scrubber
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: database-utils
+            mountPath: /entrypoints
+      containers:
+      - name: journal-checker
+        resources:
+          requests:
+            memory: 200Mi
+            cpu: 200m
+        image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+        imagePullPolicy: IfNotPresent
+        command:
+          - /opt/swh/entrypoint.sh
+        args:
+          - swh
+          - scrubber
+          - check
+          - journal
+          - journal-checker-directory
+        env:
+        - name: STATSD_HOST
+          value: prometheus-statsd-exporter
+        - name: STATSD_PORT
+          value: "9125"
+        - name: MAX_TASKS_PER_CHILD
+          value: "1"
+        - name: LOGLEVEL
+          value: "INFO"
+        - name: SWH_CONFIG_FILENAME
+          value: /etc/swh/config.yml
+        - name: SWH_SENTRY_ENVIRONMENT
+          value: staging
+        - name: SWH_MAIN_PACKAGE
+          value: swh.deposit
+        - name: SWH_SENTRY_DSN
+          valueFrom:
+            secretKeyRef:
+              name: common-secrets
+              key: scrubber-sentry-dsn
+              # 'name' secret must exist & include key "host"
+              optional: false
+        
+        volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: scrubber-journalchecker-directory-template
+          defaultMode: 0777
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+      - name: database-utils
+        configMap:
+          name: database-utils
+          defaultMode: 0555
+---
+# Source: swh/templates/scrubber/journal-checker-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scrubber-journalchecker-release
+  namespace: swh
+  labels:
+    app: scrubber-journalchecker-release
+spec:
+  revisionHistoryLimit: 2
+  replicas: 1
+  selector:
+    matchLabels:
+      app: scrubber-journalchecker-release
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: scrubber-journalchecker-release
+      annotations:
+        # Force a rollout upgrade if the configuration changes
+        checksum/config: d273c3a7f874e95255ea0d4e0acdd5e5915e13ab7bcc26edbff93a2c46d7725c
+    spec:
+      affinity:
+        
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/scrubber
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-background-workload
+      
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          env:
+          
+          - name: SCRUBBER_POSTGRESQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-scrubber-postgresql-common-secret
+                key: postgres-swh-scrubber-password
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          
+          
+          - name: BROKER_USER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER_PASSWORD
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+        # TODO: Add the "datastore" registration
+        # A workaround is needed as the registration is not idempotent
+        # and can be launched each time a journal client is launched
+        - name: check-migration
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+          command:
+          - /entrypoints/check-scrubber-db-version.sh
+          env:
+          - name: MODULE
+            value: scrubber
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: database-utils
+            mountPath: /entrypoints
+      containers:
+      - name: journal-checker
+        resources:
+          requests:
+            memory: 200Mi
+            cpu: 500m
+        image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+        imagePullPolicy: IfNotPresent
+        command:
+          - /opt/swh/entrypoint.sh
+        args:
+          - swh
+          - scrubber
+          - check
+          - journal
+          - journal-checker-release
+        env:
+        - name: STATSD_HOST
+          value: prometheus-statsd-exporter
+        - name: STATSD_PORT
+          value: "9125"
+        - name: MAX_TASKS_PER_CHILD
+          value: "1"
+        - name: LOGLEVEL
+          value: "INFO"
+        - name: SWH_CONFIG_FILENAME
+          value: /etc/swh/config.yml
+        - name: SWH_SENTRY_ENVIRONMENT
+          value: staging
+        - name: SWH_MAIN_PACKAGE
+          value: swh.deposit
+        - name: SWH_SENTRY_DSN
+          valueFrom:
+            secretKeyRef:
+              name: common-secrets
+              key: scrubber-sentry-dsn
+              # 'name' secret must exist & include key "host"
+              optional: false
+        
+        volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: scrubber-journalchecker-release-template
+          defaultMode: 0777
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+      - name: database-utils
+        configMap:
+          name: database-utils
+          defaultMode: 0555
+---
+# Source: swh/templates/scrubber/journal-checker-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scrubber-journalchecker-revision
+  namespace: swh
+  labels:
+    app: scrubber-journalchecker-revision
+spec:
+  revisionHistoryLimit: 2
+  replicas: 1
+  selector:
+    matchLabels:
+      app: scrubber-journalchecker-revision
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: scrubber-journalchecker-revision
+      annotations:
+        # Force a rollout upgrade if the configuration changes
+        checksum/config: be6af30fd0dc7db8f3969e913ef643e72e68ddb3db134dd5d18756e0e613f31d
+    spec:
+      affinity:
+        
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/scrubber
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-background-workload
+      
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          env:
+          
+          - name: SCRUBBER_POSTGRESQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-scrubber-postgresql-common-secret
+                key: postgres-swh-scrubber-password
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          
+          
+          - name: BROKER_USER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER_PASSWORD
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+        # TODO: Add the "datastore" registration
+        # A workaround is needed as the registration is not idempotent
+        # and can be launched each time a journal client is launched
+        - name: check-migration
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+          command:
+          - /entrypoints/check-scrubber-db-version.sh
+          env:
+          - name: MODULE
+            value: scrubber
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: database-utils
+            mountPath: /entrypoints
+      containers:
+      - name: journal-checker
+        resources:
+          requests:
+            memory: 250Mi
+            cpu: 600m
+        image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+        imagePullPolicy: IfNotPresent
+        command:
+          - /opt/swh/entrypoint.sh
+        args:
+          - swh
+          - scrubber
+          - check
+          - journal
+          - journal-checker-revision
+        env:
+        - name: STATSD_HOST
+          value: prometheus-statsd-exporter
+        - name: STATSD_PORT
+          value: "9125"
+        - name: MAX_TASKS_PER_CHILD
+          value: "1"
+        - name: LOGLEVEL
+          value: "INFO"
+        - name: SWH_CONFIG_FILENAME
+          value: /etc/swh/config.yml
+        - name: SWH_SENTRY_ENVIRONMENT
+          value: staging
+        - name: SWH_MAIN_PACKAGE
+          value: swh.deposit
+        - name: SWH_SENTRY_DSN
+          valueFrom:
+            secretKeyRef:
+              name: common-secrets
+              key: scrubber-sentry-dsn
+              # 'name' secret must exist & include key "host"
+              optional: false
+        
+        volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: scrubber-journalchecker-revision-template
+          defaultMode: 0777
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+      - name: database-utils
+        configMap:
+          name: database-utils
+          defaultMode: 0555
+---
+# Source: swh/templates/scrubber/journal-checker-deployment.yaml
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: scrubber-journalchecker-snapshot
+  namespace: swh
+  labels:
+    app: scrubber-journalchecker-snapshot
+spec:
+  revisionHistoryLimit: 2
+  replicas: 1
+  selector:
+    matchLabels:
+      app: scrubber-journalchecker-snapshot
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+  template:
+    metadata:
+      labels:
+        app: scrubber-journalchecker-snapshot
+      annotations:
+        # Force a rollout upgrade if the configuration changes
+        checksum/config: 5dfb32abaa02111c16fac8dc0cfda4410ce19145fc2b1b20bd16cab8d4971f02
+    spec:
+      affinity:
+        
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: swh/scrubber
+                operator: In
+                values:
+                - "true"
+      priorityClassName: swh-background-workload
+      
+      initContainers:
+        - name: prepare-configuration
+          image: debian:bullseye
+          imagePullPolicy: IfNotPresent
+          env:
+          
+          - name: SCRUBBER_POSTGRESQL_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-scrubber-postgresql-common-secret
+                key: postgres-swh-scrubber-password
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          
+          
+          - name: BROKER_USER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER_PASSWORD
+                # 'name' secret must exist & include that ^ key
+                optional: false
+          command:
+          - /bin/bash
+          args:
+          - -c
+          - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config.yml
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: configuration-template
+            mountPath: /etc/swh/configuration-template
+        # TODO: Add the "datastore" registration
+        # A workaround is needed as the registration is not idempotent
+        # and can be launched each time a journal client is launched
+        - name: check-migration
+          image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+          command:
+          - /entrypoints/check-scrubber-db-version.sh
+          env:
+          - name: MODULE
+            value: scrubber
+          volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+          - name: database-utils
+            mountPath: /entrypoints
+      containers:
+      - name: journal-checker
+        resources:
+          requests:
+            memory: 250Mi
+            cpu: 1
+        image: container-registry.softwareheritage.org/swh/infra/swh-apps/scrubber:20231026.1
+        imagePullPolicy: IfNotPresent
+        command:
+          - /opt/swh/entrypoint.sh
+        args:
+          - swh
+          - scrubber
+          - check
+          - journal
+          - journal-checker-snapshot
+        env:
+        - name: STATSD_HOST
+          value: prometheus-statsd-exporter
+        - name: STATSD_PORT
+          value: "9125"
+        - name: MAX_TASKS_PER_CHILD
+          value: "1"
+        - name: LOGLEVEL
+          value: "INFO"
+        - name: SWH_CONFIG_FILENAME
+          value: /etc/swh/config.yml
+        - name: SWH_SENTRY_ENVIRONMENT
+          value: staging
+        - name: SWH_MAIN_PACKAGE
+          value: swh.deposit
+        - name: SWH_SENTRY_DSN
+          valueFrom:
+            secretKeyRef:
+              name: common-secrets
+              key: scrubber-sentry-dsn
+              # 'name' secret must exist & include key "host"
+              optional: false
+        
+        volumeMounts:
+          - name: configuration
+            mountPath: /etc/swh
+      volumes:
+      - name: configuration
+        emptyDir: {}
+      - name: configuration-template
+        configMap:
+          name: scrubber-journalchecker-snapshot-template
+          defaultMode: 0777
+          items:
+          - key: "config.yml.template"
+            path: "config.yml.template"
+      - name: database-utils
+        configMap:
+          name: database-utils
+          defaultMode: 0555
+---
 # Source: swh/templates/search/journal-client-deployment.yaml
 apiVersion: apps/v1
 kind: Deployment
 metadata:
   namespace: swh
   name: search-journal-client-indexed
   labels:
     app: search-journal-client-indexed
 spec:
   revisionHistoryLimit: 2
@@ -12241,21 +12916,21 @@
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: swh-toolbox
       annotations:
         # Force a rollout upgrade if the configuration changes
-        checksum/config: f7550fb654477362aa653fb0ae33cd005a4fe6d2719e39fc314bf691a48c82b0
+        checksum/config: 613fdfd914645f2cb235466a4ce8d78239fd05f84bf4971f04a6653c9eab1e62
         checksum/configScript: 2f52c9c95b13a0c755571c6a81681958552538cbf149b458241f7c36a8bbb01f
     spec:
       priorityClassName: swh-tools
       
       initContainers:
         - name: prepare-configuration-indexer-storage
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           command:
           - /bin/bash
@@ -12309,20 +12984,27 @@
         - name: prepare-configuration-scrubber-journal
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           command:
           - /bin/bash
           args:
           - -c
           - eval echo "\"$(</etc/swh/configuration-template/config.yml.template)\"" > /etc/swh/config-scrubber-journal.yml
           env:
           
+          - name: BROKER_USER_PASSWORD
+            valueFrom:
+              secretKeyRef:
+                name: swh-archive-broker-secret
+                key: BROKER_USER_PASSWORD
+                # 'name' secret must exist & include that ^ key
+                optional: false
           
           - name: SCRUBBER_POSTGRESQL_PASSWORD
             valueFrom:
               secretKeyRef:
                 name: swh-scrubber-postgresql-common-secret
                 key: postgres-swh-scrubber-password
                 # 'name' secret must exist & include that ^ key
                 optional: false
           volumeMounts:
           - name: configuration


------------- diff for environment staging namespace swh-cassandra -------------

No differences


------------- diff for environment staging namespace swh-cassandra-next-version -------------

No differences


------------- diff for environment production namespace swh -------------

--- /tmp/swh-chart.swh.m0jEJ96G/production-swh.before	2023-11-07 16:40:43.866463547 +0100
+++ /tmp/swh-chart.swh.m0jEJ96G/production-swh.after	2023-11-07 16:40:44.190465205 +0100
@@ -5138,21 +5138,21 @@
     
     scrubber:
       cls: postgresql
       db: host=db.internal.softwareheritage.org port=5432 user=swh-scrubber dbname=swh-scrubber password=${SCRUBBER_POSTGRESQL_PASSWORD}
     journal:
       brokers:
         - kafka1.internal.softwareheritage.org
         - kafka2.internal.softwareheritage.org
         - kafka3.internal.softwareheritage.org
         - kafka4.internal.softwareheritage.org
-      group_id: changeme
+      group_id: swh.scheduler.journal_client
 ---
 # Source: swh/templates/toolbox/configmap.yaml
 apiVersion: v1
 kind: ConfigMap
 metadata:
   name: toolbox-storage-template
   namespace: swh
 data:
   config.yml.template: |
     
@@ -14300,21 +14300,21 @@
   strategy:
     type: RollingUpdate
     rollingUpdate:
       maxSurge: 1
   template:
     metadata:
       labels:
         app: swh-toolbox
       annotations:
         # Force a rollout upgrade if the configuration changes
-        checksum/config: b679c698c085f8eaf4931fdc0e47dbf37a03163a5193e45c7c7148bcf9f8de1d
+        checksum/config: 6f91b8d110abfbf1f0b91a13e382b9b81520f1241be1062d4dfe487fc1d705ce
         checksum/configScript: efeecbb356cb04184a3c2ca2f60f2d08c634f34f1ce4bc6a6ebf937b34fadcbf
     spec:
       priorityClassName: swh-tools
       
       initContainers:
         - name: prepare-configuration-indexer-storage
           image: debian:bullseye
           imagePullPolicy: IfNotPresent
           command:
           - /bin/bash


------------- diff for environment production namespace swh-cassandra -------------

No differences
Edited by Vincent Sellier

Merge request reports