bitnami pgsql improvements
ci / build (push) Waiting to run
Details
ci / build (push) Waiting to run
Details
This commit is contained in:
parent
c07e385bb7
commit
4f4c92036b
|
|
@ -11,3 +11,5 @@ dokku for Production, deployed with `git push`.
|
|||
(dokku is slowly being replaced by Kubernetes)
|
||||
|
||||
Kubernetes for Production, deployed using FluxCD
|
||||
|
||||
direnv for loading .envrc
|
||||
71
Makefile
71
Makefile
|
|
@ -17,80 +17,17 @@ flux:
|
|||
argo:
|
||||
helmsman --apply -f ./helmsman.argocd.yaml
|
||||
|
||||
namespaces:
|
||||
kubectl create namespace cert-manager
|
||||
kubectl create namespace futureporn
|
||||
|
||||
helmsman:
|
||||
helmsman --apply -f ./helmsman.yaml
|
||||
|
||||
deploy: helmsman secrets
|
||||
deploy:
|
||||
./scripts/k8s-namespaces.sh
|
||||
./scripts/k8s-secrets.sh
|
||||
./scripts/flux-bootstrap.sh
|
||||
|
||||
tilt:
|
||||
tilt up
|
||||
|
||||
secrets:
|
||||
|
||||
kubectl --namespace futureporn delete secret frp --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic frp \
|
||||
--from-literal=token=${FRP_TOKEN}
|
||||
|
||||
kubectl --namespace futureporn delete secret scout --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic scout \
|
||||
--from-literal=recentsToken=${SCOUT_RECENTS_TOKEN} \
|
||||
--from-literal=strapiApiKey=${SCOUT_STRAPI_API_KEY} \
|
||||
--from-literal=imapServer=${SCOUT_IMAP_SERVER} \
|
||||
--from-literal=imapPort=${SCOUT_IMAP_PORT} \
|
||||
--from-literal=imapUsername=${SCOUT_IMAP_USERNAME} \
|
||||
--from-literal=imapPassword=${SCOUT_IMAP_PASSWORD} \
|
||||
--from-literal=imapAccessToken=${SCOUT_IMAP_ACCESS_TOKEN} \
|
||||
|
||||
kubectl --namespace futureporn delete secret link2cid --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic link2cid \
|
||||
--from-literal=apiKey=${LINK2CID_API_KEY}
|
||||
|
||||
kubectl --namespace cert-manager delete secret vultr --ignore-not-found
|
||||
kubectl --namespace cert-manager create secret generic vultr \
|
||||
--from-literal=apiKey=${VULTR_API_KEY}
|
||||
|
||||
kubectl --namespace futureporn delete secret vultr --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic vultr \
|
||||
--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
|
||||
--from-literal=apiKey=${VULTR_API_KEY}
|
||||
|
||||
kubectl --namespace futureporn delete secret postgres --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic postgres \
|
||||
--from-literal=password=${POSTGRES_PASSWORD}
|
||||
|
||||
kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic pgadmin \
|
||||
--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
|
||||
--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
|
||||
|
||||
kubectl --namespace futureporn delete secret strapi --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic strapi \
|
||||
--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
|
||||
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
|
||||
--from-literal=appKeys=${STRAPI_APP_KEYS} \
|
||||
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
|
||||
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
|
||||
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
|
||||
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
|
||||
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
|
||||
--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
|
||||
--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
|
||||
--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
|
||||
--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
|
||||
--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
|
||||
--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
|
||||
--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
|
||||
--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
|
||||
--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
|
||||
--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}
|
||||
|
||||
kubectl --namespace futureporn delete secret realtime --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic realtime \
|
||||
--from-literal=postgresRealtimeConnectionString=${POSTGRES_REALTIME_CONNECTION_STRING}
|
||||
|
||||
define _script
|
||||
cat <<'EOF' | ctlptl apply -f -
|
||||
|
|
|
|||
|
|
@ -15,3 +15,4 @@ Stand up a kubernetes cluster.
|
|||
make argocd
|
||||
|
||||
Argo CD will watch the git repo for changes and deploy helm charts as necessary.
|
||||
|
||||
|
|
|
|||
|
|
@ -26,6 +26,8 @@ spec:
|
|||
values:
|
||||
fullnameOverride: windmill-postgresql
|
||||
postgresql:
|
||||
enabled: true
|
||||
architecture: standalone
|
||||
auth:
|
||||
database: windmill
|
||||
existingSecret: windmill-postgres
|
||||
|
|
|
|||
|
|
@ -73,7 +73,7 @@ spec:
|
|||
- --config.path
|
||||
- /config/server.yaml
|
||||
- --config.expand-env
|
||||
resources:
|
||||
resources:
|
||||
limits:
|
||||
cpu: 250m
|
||||
ephemeral-storage: 1Gi
|
||||
|
|
|
|||
|
|
@ -2,6 +2,29 @@
|
|||
|
||||
source .env
|
||||
|
||||
|
||||
kubectl --namespace futureporn delete secret windmill-postgresql --ignore-not-found
|
||||
# kubectl --namespace futureporn create secret generic windmill-postgresql \
|
||||
# --from-literal=postgres-password=${WINDMILL_POSTGRES_PASSWORD}
|
||||
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
|
||||
cat <<EOF | kubectl --namespace futureporn create -f-
|
||||
---
|
||||
data:
|
||||
postgres-password: $(echo -n $WINDMILL_POSTGRES_PASSWORD | base64)
|
||||
apiVersion: v1
|
||||
kind: Secret
|
||||
metadata:
|
||||
name: windmill-postgresql
|
||||
namespace: futureporn
|
||||
annotations:
|
||||
meta.helm.sh/release-namespace: futureporn
|
||||
meta.helm.sh/release-name: postgresql
|
||||
labels:
|
||||
app.kubernetes.io/managed-by: Helm
|
||||
app.kubernetes.io/instance: postgresql
|
||||
type: Opaque
|
||||
EOF
|
||||
|
||||
kubectl --namespace futureporn delete secret frp --ignore-not-found
|
||||
kubectl --namespace futureporn create secret generic frp \
|
||||
--from-literal=token=${FRP_TOKEN}
|
||||
|
|
@ -44,7 +67,6 @@ kubectl --namespace futureporn create secret generic strapi \
|
|||
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
|
||||
--from-literal=appKeys=${STRAPI_APP_KEYS} \
|
||||
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
|
||||
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
|
||||
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
|
||||
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
|
||||
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
|
||||
|
|
|
|||
Loading…
Reference in New Issue