bitnami pgsql improvements

CJ_Clippy 2024-05-28 13:28:35 -08:00
parent c07e385bb7
commit 4f4c92036b
6 changed files with 33 additions and 69 deletions


@ -11,3 +11,5 @@ dokku for Production, deployed with `git push`.
(dokku is slowly being replaced by Kubernetes) (dokku is slowly being replaced by Kubernetes)
Kubernetes for Production, deployed using FluxCD Kubernetes for Production, deployed using FluxCD
direnv for loading .envrc


@ -17,80 +17,17 @@ flux:
argo: argo:
helmsman --apply -f ./helmsman.argocd.yaml helmsman --apply -f ./helmsman.argocd.yaml
namespaces:
kubectl create namespace cert-manager
kubectl create namespace futureporn
helmsman: helmsman:
helmsman --apply -f ./helmsman.yaml helmsman --apply -f ./helmsman.yaml
deploy: helmsman secrets deploy:
./scripts/k8s-namespaces.sh
./scripts/k8s-secrets.sh
./scripts/flux-bootstrap.sh
tilt: tilt:
tilt up tilt up
secrets:
kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN}
kubectl --namespace futureporn delete secret scout --ignore-not-found
kubectl --namespace futureporn create secret generic scout \
--from-literal=recentsToken=${SCOUT_RECENTS_TOKEN} \
--from-literal=strapiApiKey=${SCOUT_STRAPI_API_KEY} \
--from-literal=imapServer=${SCOUT_IMAP_SERVER} \
--from-literal=imapPort=${SCOUT_IMAP_PORT} \
--from-literal=imapUsername=${SCOUT_IMAP_USERNAME} \
--from-literal=imapPassword=${SCOUT_IMAP_PASSWORD} \
--from-literal=imapAccessToken=${SCOUT_IMAP_ACCESS_TOKEN} \
kubectl --namespace futureporn delete secret link2cid --ignore-not-found
kubectl --namespace futureporn create secret generic link2cid \
--from-literal=apiKey=${LINK2CID_API_KEY}
kubectl --namespace cert-manager delete secret vultr --ignore-not-found
kubectl --namespace cert-manager create secret generic vultr \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret vultr --ignore-not-found
kubectl --namespace futureporn create secret generic vultr \
--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
--from-literal=apiKey=${VULTR_API_KEY}
kubectl --namespace futureporn delete secret postgres --ignore-not-found
kubectl --namespace futureporn create secret generic postgres \
--from-literal=password=${POSTGRES_PASSWORD}
kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
kubectl --namespace futureporn create secret generic pgadmin \
--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
kubectl --namespace futureporn delete secret strapi --ignore-not-found
kubectl --namespace futureporn create secret generic strapi \
--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}
kubectl --namespace futureporn delete secret realtime --ignore-not-found
kubectl --namespace futureporn create secret generic realtime \
--from-literal=postgresRealtimeConnectionString=${POSTGRES_REALTIME_CONNECTION_STRING}
define _script define _script
cat <<'EOF' | ctlptl apply -f - cat <<'EOF' | ctlptl apply -f -


@ -15,3 +15,4 @@ Stand up a kubernetes cluster.
make argocd make argocd
Argo CD will watch the git repo for changes and deploy helm charts as necessary. Argo CD will watch the git repo for changes and deploy helm charts as necessary.


@ -26,6 +26,8 @@ spec:
values: values:
fullnameOverride: windmill-postgresql fullnameOverride: windmill-postgresql
postgresql: postgresql:
enabled: true
architecture: standalone
auth: auth:
database: windmill database: windmill
existingSecret: windmill-postgres existingSecret: windmill-postgres
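Review bot: `existingSecret: windmill-postgres` names a different Secret from the one the secrets script in this commit deletes and recreates, which is `windmill-postgresql` with key `postgres-password`. If the chart resolves the password through `existingSecret`, the newly enabled standalone PostgreSQL will look for a Secret that this commit does not create. Align the two, e.g. `existingSecret: windmill-postgresql`, or rename the Secret in the script. Indentation is lost in this rendering, so confirm that `auth:` sits under the key the chart actually reads; the `spec:` block starts and continues outside the hunk.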


@ -73,7 +73,7 @@ spec:
- --config.path - --config.path
- /config/server.yaml - /config/server.yaml
- --config.expand-env - --config.expand-env
resources: resources:
limits: limits:
cpu: 250m cpu: 250m
ephemeral-storage: 1Gi ephemeral-storage: 1Gi


@ -2,6 +2,29 @@
source .env source .env
kubectl --namespace futureporn delete secret windmill-postgresql --ignore-not-found
# kubectl --namespace futureporn create secret generic windmill-postgresql \
# --from-literal=postgres-password=${WINDMILL_POSTGRES_PASSWORD}
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
cat <<EOF | kubectl --namespace futureporn create -f-
---
data:
postgres-password: $(echo -n $WINDMILL_POSTGRES_PASSWORD | base64)
apiVersion: v1
kind: Secret
metadata:
name: windmill-postgresql
namespace: futureporn
annotations:
meta.helm.sh/release-namespace: futureporn
meta.helm.sh/release-name: postgresql
labels:
app.kubernetes.io/managed-by: Helm
app.kubernetes.io/instance: postgresql
type: Opaque
EOF
kubectl --namespace futureporn delete secret frp --ignore-not-found kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \ kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN} --from-literal=token=${FRP_TOKEN}
@ -44,7 +67,6 @@ kubectl --namespace futureporn create secret generic strapi \
--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \ --from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
--from-literal=appKeys=${STRAPI_APP_KEYS} \ --from-literal=appKeys=${STRAPI_APP_KEYS} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \ --from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \ --from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \ --from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \ --from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
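Review bot: In the first hunk, the heredoc line `postgres-password: $(echo -n $WINDMILL_POSTGRES_PASSWORD | base64)` expands the password unquoted, so whitespace or glob characters in it are split or expanded before encoding, and `base64` on GNU systems wraps its output at 76 columns, which would break the manifest for a long value. I would write `postgres-password: $(printf '%s' "$WINDMILL_POSTGRES_PASSWORD" | base64 | tr -d '\n')`. Nothing checks that the variable is set after `source .env`, so an unset value would produce a Secret with an empty password; a guard such as `: "${WINDMILL_POSTGRES_PASSWORD:?not set}"` before the heredoc fails early instead. The `meta.helm.sh/release-name: postgresql` annotation has to equal the real Helm release name for adoption to work, which is not visible here and should be confirmed.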