opendevstack · BraisVQ · May 7, 2026 · Apr 28, 2026 · Apr 29, 2026 · Apr 29, 2026
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -8,7 +8,7 @@
 - Jenkins master and agent maintenance. Add Rhel9 variant and make it default ([#1361](https://github.com/opendevstack/ods-core/pull/1361))
 - Update tailor to 1.4.0 ([#1373](https://github.com/opendevstack/ods-core/pull/1373))
 - Update Jenkins java version to jdk 21 ([#1374](https://github.com/opendevstack/ods-core/pull/1374))
-- Add new configuration for the ODS API Service ([1375](https://github.com/opendevstack/ods-core/pull/1375))
+- Add new configuration for the ODS API Service ([1375](https://github.com/opendevstack/ods-core/pull/1375)) ([1377](https://github.com/opendevstack/ods-core/pull/1377))
 
 ### Fixed
 

diff --git a/Makefile b/Makefile
@@ -19,9 +19,6 @@ ifeq ($(INSECURE), $(filter $(INSECURE), true yes))
 endif
 
 # ODS API Service configuration files
-env ?= dev
-ENV ?= $(env)
-env := $(ENV)
 ODS_CONFIGURATION_DIR := ../ods-configuration
 ODS_CONFIGURATION_FULL_PATH := $(abspath $(ODS_CONFIGURATION_DIR))
 ODS_API_SERVICE_DATABASE_REPO := $(ODS_API_SERVICE_DIR:-.../ods-api-service)
@@ -190,19 +187,85 @@ start-opentelemetry-collector-build:
 	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config opentelemetry-collector
 .PHONY: start-opentelemetry-collector-build
 
+####################
 # ODS API SERVICE
+####################
 ## Install or update Ods API Service.
-install-ods-api-service: start-ods-api-service-build apply-ods-api-service-chart configure-ods-api-service
+check-configuration-defined:
+ifndef env
+	$(error "Environment variable 'env' is not defined. Please set it to the desired environment (e.g., dev, staging, prod) before running this target.")
+endif
+
+	@if [ ! -d "../ods-api-service" ]; then \
+		echo "Error: ods-api-service directory not found at ../ods-api-service"; \
+		exit 1; \
+	fi
+	@if [ ! -d "$(ODS_CONFIGURATION_FULL_PATH)" ]; then \
+		echo "Error: ods-configuration directory not found at $(ODS_CONFIGURATION_FULL_PATH)"; \
+		exit 1; \
+	fi
+	@if [ ! -f "$(ODS_CONFIGURATION_FULL_PATH)/ods-core.values.yaml" ]; then \
+		echo "Error: File not found: $(ODS_CONFIGURATION_FULL_PATH)/ods-core.values.yaml"; \
+		exit 1; \
+	fi
+	@if [ ! -f "$(ODS_CONFIGURATION_FULL_PATH)/ods-core.secrets.enc.yaml" ]; then \
+		echo "Error: File not found: $(ODS_CONFIGURATION_FULL_PATH)/ods-core.secrets.enc.yaml"; \
+		exit 1; \
+	fi
+	@if [ ! -f "$(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/values.yaml" ]; then \
+		echo "Error: File not found: $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/values.yaml"; \
+		exit 1; \
+	fi
+	@if [ ! -f "$(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/secrets.enc.yaml" ]; then \
+		echo "Error: File not found: $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/secrets.enc.yaml"; \
+		exit 1; \
+	fi
+	@if [ ! -f "$(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/values.$(env).yaml" ]; then \
+		echo "Error: File not found: $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/values.$(env).yaml"; \
+		exit 1; \
+	fi
+	@if [ ! -f "$(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/secrets.$(env).enc.yaml" ]; then \
+		echo "Error: File not found: $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/secrets.$(env).enc.yaml"; \
+		exit 1; \
+	fi
+	@echo "All validation checks passed!"
+
+.PHONY: check-configuration-defined
+
+install-ods-api-service: \
+	check-configuration-defined \
+	start-ods-api-service-build \
+	start-ods-api-service-database-build \
+	apply-ods-api-service-database-chart \
+	configure-ods-api-service-database-backup \
+	ods-api-service-db-migration \
+	apply-ods-api-service-chart
 .PHONY: ods-api-service
 
 ## Start build of BuildConfig "Ods API Service".
 start-ods-api-service-build:
-	cd ods-api-service/build-config && oc process -f template.yaml -p ODS_NAMESPACE=$(ODS_NAMESPACE) -p ODS_IMAGE_TAG=$(ODS_IMAGE_TAG) -p BITBUCKET_URL=$(BITBUCKET_URL) -p ODS_BITBUCKET_PROJECT=$(ODS_BITBUCKET_PROJECT) -p ODS_GIT_REF=$(ODS_GIT_REF) -p ODS_API_SERVICE_VERSION=$(ODS_API_SERVICE_VERSION) | oc apply --namespace $(ODS_NAMESPACE) -f -
-	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config ods-api-service && ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config ods-api-service-postgresql
+	cd ods-api-service/build-config && oc process -f template-ods-api-service.yaml \
+		-p ODS_NAMESPACE=$(ODS_NAMESPACE) \
+		-p ODS_IMAGE_TAG=$(ODS_IMAGE_TAG) \
+		-p BITBUCKET_URL=$(BITBUCKET_URL) \
+		-p ODS_BITBUCKET_PROJECT=$(ODS_BITBUCKET_PROJECT) \
+		-p ODS_GIT_REF=$(ODS_GIT_REF) \
+		-p ODS_API_SERVICE_VERSION=$(ODS_API_SERVICE_VERSION) | oc apply --namespace $(ODS_NAMESPACE) -f -
+	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config ods-api-service
 .PHONY: start-ods-api-service-build
+## Start build of BuildConfig "Ods API Service Database".
+start-ods-api-service-database-build:
+	cd ods-api-service-database/build-config && oc process -f template-postgresql.yaml \
+		-p ODS_NAMESPACE=$(ODS_NAMESPACE) \
+		-p BITBUCKET_URL=$(BITBUCKET_URL) \
+		-p ODS_BITBUCKET_PROJECT=$(ODS_BITBUCKET_PROJECT) \
+		-p ODS_GIT_REF=$(ODS_GIT_REF) \
+		-p ODS_DATABASE_VERSION=$(ODS_DATABASE_VERSION) | oc apply --namespace $(ODS_NAMESPACE) -f -
+	ocp-scripts/start-and-follow-build.sh --namespace $(ODS_NAMESPACE) --build-config ods-api-service-postgresql
+.PHONY: start-ods-api-service-database-build
 
 ## Apply OpenShift resources related to the Ods API Service.
-apply-ods-api-service-chart:
+apply-ods-api-service-chart: check-configuration-defined
 	cd ods-api-service/chart && \
 	helm secrets upgrade --install --namespace $(ODS_NAMESPACE) \
 		-f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.values.yaml \
@@ -220,17 +283,62 @@ apply-ods-api-service-chart:
 		--set global.registry=$(DOCKER_REGISTRY) \
 		--set global.componentId=ods-api-service \
 		--set imageNamespace=$(ODS_NAMESPACE) \
-		--set imageTag=$(ODS_IMAGE_TAG) \
+		--set imageTag=$(ODS_API_SERVICE_VERSION) \
 		--set global.imageNamespace=$(ODS_NAMESPACE) \
-		--set global.imageTag=$(ODS_IMAGE_TAG) \
+		--set global.imageTag=$(ODS_API_SERVICE_VERSION) \
 		--set ODS_OPENSHIFT_APP_DOMAIN=$(OPENSHIFT_APPS_BASEDOMAIN) \
 		ods-api-service . 
 .PHONY: apply-ods-api-service-chart
 
+## Apply OpenShift resources related to the Ods API Service Database.
+apply-ods-api-service-database-chart: check-configuration-defined
+	cd ods-api-service-database/chart && \
+	helm secrets upgrade --install --namespace $(ODS_NAMESPACE) \
+		-f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.values.yaml \
+		-f $(ODS_CONFIGURATION_FULL_PATH)/ods-core.secrets.enc.yaml \
+		-f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/values.yaml \
+		-f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/secrets.enc.yaml \
+		-f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/values.$(env).yaml \
+		-f $(ODS_CONFIGURATION_FULL_PATH)/ods-api-service/$(env)/secrets.$(env).enc.yaml \
+		--set projectId=$(ODS_NAMESPACE) \
+		--set appSelector=app=ods-api-service \
+		--set registry=$(DOCKER_REGISTRY) \
+		--set componentId=ods-api-service \
+		--set global.projectId=$(ODS_NAMESPACE) \
+		--set global.appSelector=app=ods-api-service \
+		--set global.registry=$(DOCKER_REGISTRY) \
+		--set global.componentId=ods-api-service \
+		--set imageNamespace=$(ODS_NAMESPACE) \
+		--set imageTag=$(ODS_DATABASE_VERSION) \
+		--set global.imageNamespace=$(ODS_NAMESPACE) \
+		--set global.imageTag=$(ODS_DATABASE_VERSION) \
+		--set ODS_OPENSHIFT_APP_DOMAIN=$(OPENSHIFT_APPS_BASEDOMAIN) \
+		ods-api-service-postgresql . 
+.PHONY: apply-ods-api-service-database-chart
+
+## Run database migration for ODS API Service. This will port-forward the PostgreSQL service to localhost and run the migration command, then stop the port-forwarding.
+ods-api-service-db-migration:
+	@cd ../ods-api-service && { \
+		make db-port-forward NAMESPACE=$(ODS_NAMESPACE) & \
+		PF_PID=$$!; \
+		export ODS_API_SERVICE_DB_HOST=localhost \
+		       ODS_API_SERVICE_DB_PORT=5432 \
+		       ODS_API_SERVICE_DB_NAME=$(ODS_API_SERVICE_DB_NAME) \
+		       ODS_API_SERVICE_DB_USER=$(ODS_API_SERVICE_DB_USER) \
+		       ODS_API_SERVICE_DB_PASSWORD=$(ODS_API_SERVICE_DB_PASSWORD); \
+		make db-migrate; \
+		MIGRATE_RC=$$?; \
+		echo "Database migration completed. Stopping port-forwarding..."; \
+		kill $$PF_PID 2>/dev/null || true; \
+		wait $$PF_PID 2>/dev/null || true; \
+		exit $$MIGRATE_RC; \
+	}
+.PHONY: ods-api-service-db-migration
+
 ## Configure ODS API Service (sets up PostgreSQL superuser for backup operations).
-configure-ods-api-service:
-	cd ods-api-service && ./configure.sh --namespace $(ODS_NAMESPACE)
-.PHONY: configure-ods-api-service
+configure-ods-api-service-database-backup:
+	cd ods-api-service-database && ./configure.sh --namespace $(ODS_NAMESPACE)
+.PHONY: configure-ods-api-service-database-backup
 
 # BACKUP
 ## Create a backup of the current state.

diff --git a/ods-api-service-database/build-config/template-postgresql.yaml b/ods-api-service-database/build-config/template-postgresql.yaml
@@ -0,0 +1,79 @@
+---
+apiVersion: template.openshift.io/v1
+kind: Template
+metadata:
+  name: ods-api-service-database
+  annotations:
+    description: "Template for ODS API Service Database BuildConfig and ImageStream"
+parameters:
+  - name: ODS_NAMESPACE
+    description: "ODS namespace"
+    required: true
+  - name: BITBUCKET_URL
+    description: "Bitbucket URL"
+    required: true
+  - name: ODS_BITBUCKET_PROJECT
+    description: "ODS Bitbucket project key"
+    required: true
+  - name: ODS_GIT_REF
+    description: "Git reference (branch or tag)"
+    required: true
+  - name: ODS_DATABASE_VERSION
+    description: "Database image tag"
+    required: true
+objects:
+  # ImageStream for the ODS API Service PostgreSQL database
+  - apiVersion: image.openshift.io/v1
+    kind: ImageStream
+    metadata:
+      name: ods-api-service-postgresql
+      namespace: ${ODS_NAMESPACE}
+      labels:
+        app: ods-api-service
+        component: postgresql
+    spec:
+      lookupPolicy:
+        local: false
+
+  # BuildConfig for ODS API Service PostgreSQL database
+  # Uses Dockerfile.database (base: public.ecr.aws/docker/library/postgres:18-alpine + oc CLI)
+  - apiVersion: build.openshift.io/v1
+    kind: BuildConfig
+    metadata:
+      name: ods-api-service-postgresql
+      namespace: ${ODS_NAMESPACE}
+      labels:
+        app: ods-api-service
+        component: postgresql
+    spec:
+      nodeSelector: null
+      output:
+        to:
+          kind: ImageStreamTag
+          name: ods-api-service-postgresql:${ODS_DATABASE_VERSION}
+      resources:
+        limits:
+          cpu: '1'
+          memory: 2Gi
+        requests:
+          cpu: 200m
+          memory: 1Gi
+      successfulBuildsHistoryLimit: 5
+      failedBuildsHistoryLimit: 5
+      strategy:
+        type: Docker
+        dockerStrategy:
+          dockerfilePath: Dockerfile.database
+          forcePull: true
+          noCache: true
+      postCommit: {}
+      source:
+        type: Git
+        binary: null
+        git:
+          uri: ${BITBUCKET_URL}/scm/${ODS_BITBUCKET_PROJECT}/ods-core.git
+          ref: ${ODS_GIT_REF}
+        contextDir: ods-api-service-database/docker
+        sourceSecret:
+          name: cd-user-token
+      runPolicy: Serial
diff --git a/ods-api-service-database/chart/Chart.yaml b/ods-api-service-database/chart/Chart.yaml
@@ -0,0 +1,10 @@
+apiVersion: v2
+name: ods-api-service-postgresql
+description: A Helm chart for deploying ODS API Service on OpenShift
+type: application
+version: 0.1.0
+appVersion: "0.0.1"
+maintainers:
+  - name: ODS Team
+keywords:
+  - postgresql
diff --git a/.../templates/postgresql/cronjob-backup.yaml → .../templates/postgresql/cronjob-backup.yaml b/.../templates/postgresql/cronjob-backup.yaml → .../templates/postgresql/cronjob-backup.yaml
@@ -1,7 +1,7 @@
 apiVersion: batch/v1
 kind: CronJob
 metadata:
-  name: {{ include "chart.fullname" . }}-postgresql-backup
+  name: {{ include "chart.fullname" . }}-backup
   labels:
     {{- include "chart.labels" . | nindent 4 }}
     app.kubernetes.io/component: postgresql-backup
@@ -22,7 +22,7 @@ spec:
           serviceAccountName: ods-edit
           containers:
             - name: postgresql-backup
-              image: {{ .Values.postgresql.internalRegistry }}/{{ .Values.postgresql.odsNamespace }}/{{ include "chart.fullname" . }}-postgresql:{{ .Values.postgresql.odsImageTag }}
+              image: {{ .Values.postgresql.internalRegistry }}/{{ .Values.postgresql.odsNamespace }}/{{ include "chart.fullname" . }}:{{ .Values.postgresql.odsImageTag }}
               imagePullPolicy: Always
               resources:
                 limits:
@@ -37,7 +37,7 @@ spec:
                 - name: PGPASSWORD
                   valueFrom:
                     secretKeyRef:
-                      name: {{ include "chart.fullname" . }}-postgresql
+                      name: {{ include "chart.fullname" . }}
                       key: ODS_API_SERVICE_DB_SUPERUSER_PASSWORD
               command:
                 - /bin/bash
@@ -47,14 +47,14 @@ spec:
                   set -e
 
                   # Compute snapshot name
-                  SNAP_NAME="{{ include "chart.fullname" . }}-postgresql-snapshot-$(date +%Y-%m-%d-%H-%M-%S)"
-                  DB_HOST="{{ include "chart.fullname" . }}-postgresql"
+                  SNAP_NAME="{{ include "chart.fullname" . }}-snapshot-$(date +%Y-%m-%d-%H-%M-%S)"
+                  DB_HOST="{{ include "chart.fullname" . }}"
                   DB_USER="{{ .Values.postgresql.superuserName }}"
                   DB_NAME="{{ .Values.postgresql.databaseName }}"
                   ODS_NAMESPACE="{{ .Values.postgresql.odsNamespace }}"
                   STORAGE_CLASS="{{ .Values.postgresql.backup.snapshotStorageClass }}"
                   APP_NAME="{{ include "chart.fullname" . }}"
-                  PVC_NAME="postgresql-data-{{ include "chart.fullname" . }}-postgresql-0"
+                  PVC_NAME="postgresql-data-{{ include "chart.fullname" . }}-0"
 
                   echo "Starting PostgreSQL backup process..."
 

diff --git a/...ce/chart/templates/postgresql/secret.yaml → ...se/chart/templates/postgresql/secret.yaml b/...ce/chart/templates/postgresql/secret.yaml → ...se/chart/templates/postgresql/secret.yaml
@@ -4,7 +4,7 @@ metadata:
   labels:
     {{- include "chart.labels" . | nindent 4 }}
     app.kubernetes.io/component: postgresql
-  name: {{ include "chart.fullname" . }}-postgresql
+  name: {{ include "chart.fullname" . }}
 type: Opaque
 data:
   ODS_API_SERVICE_DB_NAME: {{ .Values.postgresql.databaseNameB64 }}

diff --git a/...e/chart/templates/postgresql/service.yaml → ...e/chart/templates/postgresql/service.yaml b/...e/chart/templates/postgresql/service.yaml → ...e/chart/templates/postgresql/service.yaml
@@ -6,14 +6,14 @@ metadata:
   labels:
     {{- include "chart.labels" . | nindent 4 }}
     app.kubernetes.io/component: postgresql
-  name: {{ include "chart.fullname" . }}-postgresql
+  name: {{ include "chart.fullname" . }}
 spec:
   ports:
     - name: postgresql
       port: 5432
       protocol: TCP
       targetPort: 5432
   selector:
-    app: {{ include "chart.fullname" . }}-postgresql
+    app: {{ include "chart.fullname" . }}
   sessionAffinity: None
   type: ClusterIP