bitnami pgsql improvements

CJ_Clippy 2024-05-28 13:28:35 -08:00
parent c07e385bb7
commit 4f4c92036b
6 changed files with 33 additions and 69 deletions


@ -11,3 +11,5 @@ dokku for Production, deployed with `git push`.
(dokku is slowly being replaced by Kubernetes)
Kubernetes for Production, deployed using FluxCD
direnv for loading .envrc


@ -17,80 +17,17 @@ flux:
argo:
helmsman --apply -f ./helmsman.argocd.yaml
namespaces:
kubectl create namespace cert-manager
kubectl create namespace futureporn
helmsman:
helmsman --apply -f ./helmsman.yaml
deploy: helmsman secrets
deploy:
./scripts/k8s-namespaces.sh
./scripts/k8s-secrets.sh
./scripts/flux-bootstrap.sh
tilt:
tilt up
secrets:
kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN}
kubectl --namespace futureporn delete secret scout --ignore-not-found
kubectl --namespace futureporn create secret generic scout \
--from-literal=recentsToken=${SCOUT_RECENTS_TOKEN} \
--from-literal=strapiApiKey=${SCOUT_STRAPI_API_KEY} \
--from-literal=imapServer=${SCOUT_IMAP_SERVER} \
--from-literal=imapPort=${SCOUT_IMAP_PORT} \
--from-literal=imapUsername=${SCOUT_IMAP_USERNAME} \
--from-literal=imapPassword=${SCOUT_IMAP_PASSWORD} \
--from-literal=imapAccessToken=${SCOUT_IMAP_ACCESS_TOKEN} \
kubectl --namespace futureporn delete secret link2cid --ignore-not-found
kubectl --namespace futureporn create secret generic link2cid \
--from-literal=apiKey=${LINK2CID_API_KEY}
kubectl --namespace cert-manager delete secret vultr --ignore-not-found
kubectl --namespace cert-manager create secret generic vultr \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret vultr --ignore-not-found
kubectl --namespace futureporn create secret generic vultr \
--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret postgres --ignore-not-found
kubectl --namespace futureporn create secret generic postgres \
--from-literal=password=${POSTGRES_PASSWORD}
kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin \
--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
kubectl --namespace futureporn delete secret strapi --ignore-not-found
kubectl --namespace futureporn create secret generic strapi \
--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}
kubectl --namespace futureporn delete secret realtime --ignore-not-found
kubectl --namespace futureporn create secret generic realtime \
--from-literal=postgresRealtimeConnectionString=${POSTGRES_REALTIME_CONNECTION_STRING}
define _script
cat <<'EOF' | ctlptl apply -f -
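Review bot: The `deploy` recipe stops between steps only when a script exits non-zero, so a failed `kubectl create secret` inside `./scripts/k8s-secrets.sh` will not stop the run before `./scripts/flux-bootstrap.sh` unless that script sets something like `set -euo pipefail`. The visible part of the secrets script later on this page shows no such line. The order of the three lines is load-bearing, so I would add a comment above the target, e.g. `# order matters: namespaces must exist before secrets, secrets before flux bootstrap`. If `deploy` is not listed in a `.PHONY` declaration outside this hunk, it should be. The `+`/`-` markers are lost in this rendering, so which lines are new is inferred from the hunk counts.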


@ -15,3 +15,4 @@ Stand up a kubernetes cluster.
make argocd
Argo CD will watch the git repo for changes and deploy helm charts as necessary.


@ -26,6 +26,8 @@ spec:
values:
fullnameOverride: windmill-postgresql
postgresql:
enabled: true
architecture: standalone
auth:
database: windmill
existingSecret: windmill-postgres
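Review bot: `existingSecret: windmill-postgres` does not match the secret this commit creates in the secrets script, which is named `windmill-postgresql` (the same string as `fullnameOverride`). Unless another secret called `windmill-postgres` exists in the namespace, the database pod would reference a missing secret; the line should probably read `existingSecret: windmill-postgresql`. With `existingSecret` set, the chart normally does not render its own secret, so the Helm adoption annotations added in the script may be unnecessary, and it is worth confirming which of the two approaches is intended. The `+`/`-` markers are lost on this page, so which two lines are new is inferred.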


@ -73,7 +73,7 @@ spec:
- --config.path
- /config/server.yaml
- --config.expand-env
resources:
resources:
limits:
cpu: 250m
ephemeral-storage: 1Gi


@ -2,6 +2,29 @@
source .env
kubectl --namespace futureporn delete secret windmill-postgresql --ignore-not-found
# kubectl --namespace futureporn create secret generic windmill-postgresql \
# --from-literal=postgres-password=${WINDMILL_POSTGRES_PASSWORD}
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
cat <<EOF | kubectl --namespace futureporn create -f-
---
data:
postgres-password: $(echo -n $WINDMILL_POSTGRES_PASSWORD | base64)
apiVersion: v1
kind: Secret
metadata:
name: windmill-postgresql
namespace: futureporn
annotations:
meta.helm.sh/release-namespace: futureporn
meta.helm.sh/release-name: postgresql
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postgresql
type: Opaque
EOF
kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN}
@ -44,7 +67,6 @@ kubectl --namespace futureporn create secret generic strapi \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
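Review bot: In the first hunk's heredoc, `$(echo -n $WINDMILL_POSTGRES_PASSWORD | base64)` expands the password unquoted and lets `base64` wrap long output. A password containing whitespace or glob characters, or one long enough to wrap (76 columns with GNU coreutils), therefore produces a wrong or invalid `data` value. I would write `postgres-password: $(printf '%s' "$WINDMILL_POSTGRES_PASSWORD" | base64 | tr -d '\n')`. Nothing visible checks that the variable is set after `source .env`, so an unset value silently creates a secret with an empty password; a guard such as `: "${WINDMILL_POSTGRES_PASSWORD:?not set in .env}"` before the `kubectl` calls would fail early. The script's first line is outside the hunk, so any shell options set there are not visible.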