futureporn
/
fp
1
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity

bitnami pgsql improvements
ci / build (push) Waiting to run Details

This commit is contained in:
CJ_Clippy 2024-05-28 13:28:35 -08:00
parent c07e385bb7
commit 4f4c92036b
6 changed files with 33 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ARCHITECHTURE.md
View File

@ -11,3 +11,5 @@ dokku for Production, deployed with `git push`.
(dokku is slowly being replaced by Kubernetes) (dokku is slowly being replaced by Kubernetes)
Kubernetes for Production, deployed using FluxCD Kubernetes for Production, deployed using FluxCD
direnv for loading .envrc

71
Makefile
View File

@ -17,80 +17,17 @@ flux:
argo: argo:
helmsman --apply -f ./helmsman.argocd.yaml helmsman --apply -f ./helmsman.argocd.yaml
namespaces:
kubectl create namespace cert-manager
kubectl create namespace futureporn
helmsman: helmsman:
helmsman --apply -f ./helmsman.yaml helmsman --apply -f ./helmsman.yaml
deploy: helmsman secrets deploy:
./scripts/k8s-namespaces.sh
./scripts/k8s-secrets.sh
./scripts/flux-bootstrap.sh
tilt: tilt:
tilt up tilt up
secrets:
kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN}
kubectl --namespace futureporn delete secret scout --ignore-not-found
kubectl --namespace futureporn create secret generic scout \
--from-literal=recentsToken=${SCOUT_RECENTS_TOKEN} \
--from-literal=strapiApiKey=${SCOUT_STRAPI_API_KEY} \
--from-literal=imapServer=${SCOUT_IMAP_SERVER} \
--from-literal=imapPort=${SCOUT_IMAP_PORT} \
--from-literal=imapUsername=${SCOUT_IMAP_USERNAME} \
--from-literal=imapPassword=${SCOUT_IMAP_PASSWORD} \
--from-literal=imapAccessToken=${SCOUT_IMAP_ACCESS_TOKEN} \
kubectl --namespace futureporn delete secret link2cid --ignore-not-found
kubectl --namespace futureporn create secret generic link2cid \
--from-literal=apiKey=${LINK2CID_API_KEY}
kubectl --namespace cert-manager delete secret vultr --ignore-not-found
kubectl --namespace cert-manager create secret generic vultr \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret vultr --ignore-not-found
kubectl --namespace futureporn create secret generic vultr \
--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret postgres --ignore-not-found
kubectl --namespace futureporn create secret generic postgres \
--from-literal=password=${POSTGRES_PASSWORD}
kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin \
--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
kubectl --namespace futureporn delete secret strapi --ignore-not-found
kubectl --namespace futureporn create secret generic strapi \
--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}
kubectl --namespace futureporn delete secret realtime --ignore-not-found
kubectl --namespace futureporn create secret generic realtime \
--from-literal=postgresRealtimeConnectionString=${POSTGRES_REALTIME_CONNECTION_STRING}
define _script define _script
cat <<'EOF' | ctlptl apply -f - cat <<'EOF' | ctlptl apply -f -

1
README.md
View File

@ -15,3 +15,4 @@ Stand up a kubernetes cluster.
make argocd make argocd
Argo CD will watch the git repo for changes and deploy helm charts as necessary. Argo CD will watch the git repo for changes and deploy helm charts as necessary.

2
apps/base/windmill/windmill.yaml
View File

@ -26,6 +26,8 @@ spec:
values: values:
fullnameOverride: windmill-postgresql fullnameOverride: windmill-postgresql
postgresql: postgresql:
enabled: true
architecture: standalone
auth: auth:
database: windmill database: windmill
existingSecret: windmill-postgres existingSecret: windmill-postgres

24
scripts/k8s-secrets.sh
View File

@ -2,6 +2,29 @@
source .env source .env
kubectl --namespace futureporn delete secret windmill-postgresql --ignore-not-found
# kubectl --namespace futureporn create secret generic windmill-postgresql \
# --from-literal=postgres-password=${WINDMILL_POSTGRES_PASSWORD}
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
cat <<EOF | kubectl --namespace futureporn create -f-
---
data:
postgres-password: $(echo -n $WINDMILL_POSTGRES_PASSWORD | base64)
apiVersion: v1
kind: Secret
metadata:
name: windmill-postgresql
namespace: futureporn
annotations:
meta.helm.sh/release-namespace: futureporn
meta.helm.sh/release-name: postgresql
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postgresql
type: Opaque
EOF
kubectl --namespace futureporn delete secret frp --ignore-not-found kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \ kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN} --from-literal=token=${FRP_TOKEN}
@ -44,7 +67,6 @@ kubectl --namespace futureporn create secret generic strapi \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \ --from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \ --from-literal=appKeys=${STRAPI_APP_KEYS} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \ --from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \ --from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \ --from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \ --from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \