From 4f4c92036bc80b39c7a5f8dc00ca58655f8668da Mon Sep 17 00:00:00 2001 From: CJ_Clippy Date: Tue, 28 May 2024 13:28:35 -0800 Subject: [PATCH] bitnami pgsql improvements --- ARCHITECHTURE.md | 2 + Makefile | 71 ++------------------------------ README.md | 1 + apps/base/windmill/windmill.yaml | 2 + charts/fp/templates/piko.yaml | 2 +- scripts/k8s-secrets.sh | 24 ++++++++++- 6 files changed, 33 insertions(+), 69 deletions(-) diff --git a/ARCHITECHTURE.md b/ARCHITECHTURE.md index e03f30a..4d6341d 100644 --- a/ARCHITECHTURE.md +++ b/ARCHITECHTURE.md @@ -11,3 +11,5 @@ dokku for Production, deployed with `git push`. (dokku is slowly being replaced by Kubernetes) Kubernetes for Production, deployed using FluxCD + +direnv for loading .envrc \ No newline at end of file diff --git a/Makefile b/Makefile index eee0d35..05f3c98 100644 --- a/Makefile +++ b/Makefile 
@@ -17,80 +17,17 @@ flux: argo: helmsman --apply -f ./helmsman.argocd.yaml -namespaces: - kubectl create namespace cert-manager - kubectl create namespace futureporn - helmsman: helmsman --apply -f ./helmsman.yaml -deploy: helmsman secrets +deploy: + ./scripts/k8s-namespaces.sh + ./scripts/k8s-secrets.sh + ./scripts/flux-bootstrap.sh tilt: tilt up -secrets: - - kubectl --namespace futureporn delete secret frp --ignore-not-found - kubectl --namespace futureporn create secret generic frp \ - --from-literal=token=${FRP_TOKEN} - - kubectl --namespace futureporn delete secret scout --ignore-not-found - kubectl --namespace futureporn create secret generic scout \ - --from-literal=recentsToken=${SCOUT_RECENTS_TOKEN} \ - --from-literal=strapiApiKey=${SCOUT_STRAPI_API_KEY} \ - --from-literal=imapServer=${SCOUT_IMAP_SERVER} \ - --from-literal=imapPort=${SCOUT_IMAP_PORT} \ - --from-literal=imapUsername=${SCOUT_IMAP_USERNAME} \ - --from-literal=imapPassword=${SCOUT_IMAP_PASSWORD} \ - --from-literal=imapAccessToken=${SCOUT_IMAP_ACCESS_TOKEN} \ - - kubectl --namespace futureporn delete secret link2cid --ignore-not-found - kubectl --namespace futureporn create secret generic link2cid \ - --from-literal=apiKey=${LINK2CID_API_KEY} - - kubectl --namespace cert-manager delete secret vultr --ignore-not-found - kubectl --namespace cert-manager create secret generic vultr \ - --from-literal=apiKey=${VULTR_API_KEY} - - kubectl --namespace futureporn delete secret vultr --ignore-not-found - kubectl --namespace futureporn create secret generic vultr \ - --from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \ - --from-literal=apiKey=${VULTR_API_KEY} - - kubectl --namespace futureporn delete secret postgres --ignore-not-found - kubectl --namespace futureporn create secret generic postgres \ - --from-literal=password=${POSTGRES_PASSWORD} - - kubectl --namespace futureporn delete secret pgadmin --ignore-not-found - kubectl --namespace futureporn create secret generic 
pgadmin \ - --from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \ - --from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD} - - kubectl --namespace futureporn delete secret strapi --ignore-not-found - kubectl --namespace futureporn create secret generic strapi \ - --from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \ - --from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \ - --from-literal=appKeys=${STRAPI_APP_KEYS} \ - --from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \ - --from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \ - --from-literal=jwtSecret=${STRAPI_JWT_SECRET} \ - --from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \ - --from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \ - --from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \ - --from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \ - --from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \ - --from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \ - --from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \ - --from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \ - --from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \ - --from-literal=sendgridApiKey=${SENDGRID_API_KEY} \ - --from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \ - --from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT} - - kubectl --namespace futureporn delete secret realtime --ignore-not-found - kubectl --namespace futureporn create secret generic realtime \ - --from-literal=postgresRealtimeConnectionString=${POSTGRES_REALTIME_CONNECTION_STRING} define _script cat <<'EOF' | ctlptl apply -f - diff --git a/README.md b/README.md index 37e4e8a..bca7cfc 100644 --- a/README.md +++ b/README.md 
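Review bot: The new `deploy` recipe in the Makefile chains `./scripts/k8s-namespaces.sh`, `./scripts/k8s-secrets.sh` and `./scripts/flux-bootstrap.sh`, but nothing visible guarantees that a failed secret creation stops the chain. make aborts only when a script exits non-zero, and the part of scripts/k8s-secrets.sh shown in this patch has no `set -euo pipefail` after `source .env`, so its exit status is presumably that of its last command. I would add that line near the top of each script (the other two are not in this patch, so confirm) so Flux is never bootstrapped against missing or empty secrets. The recipe also assumes make is invoked from the repository root, because the script sources `.env` relative to the working directory; a comment such as `# must run from repo root: scripts source ./.env` above `deploy:` would document that. The hunk starts at line 17, so whether `deploy` is listed in `.PHONY` cannot be seen from here.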
@@ -15,3 +15,4 @@ Stand up a kubernetes cluster. make argocd Argo CD will watch the git repo for changes and deploy helm charts as necessary. + diff --git a/apps/base/windmill/windmill.yaml b/apps/base/windmill/windmill.yaml index 09edfd3..a3409dd 100644 --- a/apps/base/windmill/windmill.yaml +++ b/apps/base/windmill/windmill.yaml @@ -26,6 +26,8 @@ spec: values: fullnameOverride: windmill-postgresql postgresql: + enabled: true + architecture: standalone auth: database: windmill existingSecret: windmill-postgres diff --git a/charts/fp/templates/piko.yaml b/charts/fp/templates/piko.yaml index a026dcb..f18c848 100644 --- a/charts/fp/templates/piko.yaml +++ b/charts/fp/templates/piko.yaml @@ -73,7 +73,7 @@ spec: - --config.path - /config/server.yaml - --config.expand-env - resources: + resources: limits: cpu: 250m ephemeral-storage: 1Gi diff --git a/scripts/k8s-secrets.sh b/scripts/k8s-secrets.sh index 9605392..e531f3d 100755 --- a/scripts/k8s-secrets.sh +++ b/scripts/k8s-secrets.sh @@ -2,6 +2,29 @@ source .env + +kubectl --namespace futureporn delete secret windmill-postgresql --ignore-not-found +# kubectl --namespace futureporn create secret generic windmill-postgresql \ +# --from-literal=postgres-password=${WINDMILL_POSTGRES_PASSWORD} +## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649 +cat <
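Review bot: In apps/base/windmill/windmill.yaml the values keep `existingSecret: windmill-postgres`, while the scripts/k8s-secrets.sh hunk in this same patch manages a secret named `windmill-postgresql` in namespace `futureporn`. If the manifest that script applies (cut off in this view) also uses that name, the now-enabled PostgreSQL subchart will reference a secret that does not exist, or an older one with a stale password. Please make the two names agree, e.g. `existingSecret: windmill-postgresql`, and confirm the secret is created in the namespace this release installs into. The Bitnami chart reads the admin password from the `postgres-password` key by default, so the pre-made secret should carry that key. The `spec` block starts above the hunk, so the release namespace is not visible here.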