separate staging from prod

2024-06-19 17:43:25 -08:00 · 2024-06-19 17:43:25 -08:00 · 92a77d0876
parent ad1d81b75a
commit 92a77d0876
21 changed files with 197 additions and 65 deletions
--- a/11
+++ b/11
@ -7,12 +7,17 @@ namespaces:
 secrets:
 	./scripts/k8s-secrets.sh
-flux:
+flux-prod:
-	./scripts/flux-bootstrap.sh
+	./scripts/flux-bootstrap-prod.sh
 flux-staging:
 	./scripts/flux-bootstrap-staging.sh
 dev: kind namespaces secrets chisel velero
-prod: namespaces secrets velero flux
+prod: namespaces secrets velero flux-prod
 staging: namespaces secrets velero flux-staging
 velero:
 	./scripts/velero-create.sh
--- a/apps/base/fp/release.yaml
+++ b/apps/base/fp/release.yaml
@ -42,9 +42,6 @@ spec:
      url: https://strapi.piko.sbtp.xyz
      certIssuer: letsencrypt-staging
      hostname: strapi.futureporn.svc.cluster.local
      ingressClassName: ngrok
    ngrok:
      hostname: grateful-engaging-cicada.ngrok-free.app
    realtime:
      imageName: gitea.futureporn.net/futureporn/realtime:latest
    adminEmail: cj@futureporn.net
--- a/apps/base/windmill/.gitkeep
+++ b/apps/base/windmill/.gitkeep
--- a/apps/production/fp-values.yaml
+++ b/apps/production/fp-values.yaml
@ -0,0 +1,17 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: fp
  namespace: futureporn
 spec:
  values:
    next:
      certIssuer: letsencrypt-prod
      hostname: next.futureporn.net
    scout:
      certIssuer: letsencrypt-prod
      cdnBucketUrl: https://futureporn-b2.b-cdn.net
      s3BucketName: futureporn-b2
    strapi:
      url: https://portal.futureporn.net
      hostname: portal.futureporn.net
--- a/apps/production/kustomization.yaml
+++ b/apps/production/kustomization.yaml
@ -1,11 +1,11 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: futureporn
 resources:
  - ../base/podinfo
  - ../base/temporal
  - ../base/fp
 patches:
-  - path: podinfo-values.yaml
+  - path: fp-values.yaml
    target:
      kind: HelmRelease
-      name: podinfo
+      name: fp
--- a/apps/production/podinfo-values.yaml
+++ b/apps/production/podinfo-values.yaml
@ -1,21 +0,0 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: podinfo
  namespace: futureporn
 spec:
  chart:
    spec:
      version: ">=1.0.0"
  values:
    ingress:
      hosts:
        - host: podinfo.sbtp.xyz
          paths:
            - path: /
              pathType: Prefix
              backend:
                service:
                  name: podinfo
                  port:
                    number: 9898
--- a/apps/staging/chisel/chisel.yaml
+++ b/apps/staging/chisel/chisel.yaml
@ -1,25 +0,0 @@
 apiVersion: source.toolkit.fluxcd.io/v1beta2
 kind: GitRepository
 metadata:
  name: chisel-operator
  namespace: futureporn
 spec:
  interval: 5m
  url: https://github.com/FyraLabs/chisel-operator
  ref:
    branch: master
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1beta2
 kind: Kustomization
 metadata:
  name: chisel-operator
  namespace: futureporn
 spec:
  interval: 10m
  targetNamespace: futureporn
  sourceRef:
    kind: GitRepository
    name: chisel-operator
  path: "./kustomize"
  prune: true
--- a/apps/staging/chisel/kustomization.yaml
+++ b/apps/staging/chisel/kustomization.yaml
@ -1,5 +0,0 @@
 apiVersion: kustomize.config.k8s.io/v1beta1
 kind: Kustomization
 namespace: futureporn
 resources:
  - chisel.yaml
--- a/apps/staging/fp-values.yaml
+++ b/apps/staging/fp-values.yaml
@ -0,0 +1,17 @@
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
 metadata:
  name: fp
  namespace: futureporn
 spec:
  values:
    next:
      certIssuer: letsencrypt-staging
      hostname: next.sbtp.xyz
    scout:
      certIssuer: letsencrypt-staging
      cdnBucketUrl: https://fp-dev.b-cdn.net
      s3BucketName: fp-dev
    strapi:
      url: https://strapi.sbtp.xyz
      hostname: strapi.sbtp.xyz
--- a/apps/staging/kustomization.yaml
+++ b/apps/staging/kustomization.yaml
@ -3,7 +3,14 @@ kind: Kustomization
 namespace: futureporn
 resources:
  - ../base/podinfo
  - ../base/temporal
  - ../base/fp
 patches:
  - path: podinfo-values.yaml
    target:
      kind: HelmRelease
      name: podinfo
  - path: fp-values.yaml
    target:
      kind: HelmRelease
      name: fp
--- a/apps/staging/podinfo-values.yaml
+++ b/apps/staging/podinfo-values.yaml
@ -12,7 +12,7 @@ spec:
  values:
    ingress:
      hosts:
-        - host: podinfo.staging
+        - host: podinfo.sbtp.xyz
          paths:
            - path: /
              pathType: ImplementationSpecific
--- a/clusters/staging/apps.yaml
+++ b/clusters/staging/apps.yaml
@ -4,7 +4,7 @@ metadata:
  name: apps
  namespace: flux-system
 spec:
-  interval: 10m0s
+  interval: 1m0s
  dependsOn:
    - name: infra-configs
  sourceRef:
--- a/clusters/staging/infrastructure.yaml
+++ b/clusters/staging/infrastructure.yaml
@ -14,6 +14,7 @@ spec:
  path: ./infrastructure/controllers
  prune: true
  wait: true
 ---
 apiVersion: kustomize.toolkit.fluxcd.io/v1
 kind: Kustomization
--- a/infrastructure/configs/cluster-issuers.yaml
+++ b/infrastructure/configs/cluster-issuers.yaml
@ -6,7 +6,7 @@ metadata:
 spec:
  acme:
    # Replace the email address with your own contact email
-    email: fluxcdbot@users.noreply.github.com
+    email: cj@futureporn.net
    # The server is replaced in /clusters/production/infrastructure.yaml
    server: https://acme-staging-v02.api.letsencrypt.org/directory
    privateKeySecretRef:
--- a/infrastructure/controllers/cert-manager.yaml
+++ b/infrastructure/controllers/cert-manager.yaml
@ -3,6 +3,7 @@ apiVersion: v1
 kind: Namespace
 metadata:
  name: cert-manager
 ---
 apiVersion: source.toolkit.fluxcd.io/v1
 kind: HelmRepository
@ -12,6 +13,7 @@ metadata:
 spec:
  interval: 24h
  url: https://charts.jetstack.io
 ---
 apiVersion: helm.toolkit.fluxcd.io/v2
 kind: HelmRelease
--- a/packages/infra/package.json
+++ b/packages/infra/package.json
@ -0,0 +1,12 @@
 {
  "name": "scripts",
  "type": "module",
  "version": "1.0.0",
  "description": "",
  "keywords": [],
  "author": "",
  "license": "Unlicense",
  "dependencies": {
    "dotenv": "^16.4.5"
  }
 }
--- a/packages/infra/pnpm-lock.yaml
+++ b/packages/infra/pnpm-lock.yaml
@ -0,0 +1,23 @@
 lockfileVersion: '9.0'
 settings:
  autoInstallPeers: true
  excludeLinksFromLockfile: false
 importers:
  .:
    dependencies:
      dotenv:
        specifier: ^16.4.5
        version: 16.4.5
 packages:
  dotenv@16.4.5:
    resolution: {integrity: sha512-ZmdL2rui+eB2YwhsWzjInR8LldtZHGDoQ1ugH85ppHKwpUHL7j7rN0Ti9NCnGiQbhaZ11FpR+7ao1dNsmduNUg==}
    engines: {node: '>=12'}
 snapshots:
  dotenv@16.4.5: {}
--- a/packages/infra/vultr-delete-orphaned-resources.js
+++ b/packages/infra/vultr-delete-orphaned-resources.js
@ -0,0 +1,84 @@
 #!/usr/bin/env node
 import dotenv from 'dotenv'
 dotenv.config({ path: '../../.env' })
 const apiV2Base = 'https://api.vultr.com/v2'
 if (!process.env.VULTR_API_KEY) throw new Error('VULTR_API_KEY is missing in env');
 async function deleteOrphanedLoadBalancers() {
    console.log('getting load balancers')
    const loadBalancersRes = await fetch(`${apiV2Base}/load-balancers`, {
        method: 'GET',
        headers: {
            'authorization': `Bearer ${process.env.VULTR_API_KEY}`
        }
    })
    const loadBalancerJson = await loadBalancersRes.json()
    const orphanedLoadBalancers = loadBalancerJson.load_balancers.filter((lb) => (lb.instances.length === 0))
    console.log(`found ${orphanedLoadBalancers.length} orphaned load balancers.`)
    console.log('waiting 1 second')
    await new Promise((resolve) => { setTimeout(resolve, 1000) })
    for (const lb of orphanedLoadBalancers) {
        console.log(`deleting load balancer ${lb.id}`)
        const deleteLoadBalancerRes = await fetch(`https://api.vultr.com/v2/load-balancers/${lb.id}`, {
            method: 'DELETE',
            headers: {
                'Authorization': `Bearer ${process.env.VULTR_API_KEY}`
            }
        })
        console.log('waiting 1 second')
        await new Promise((resolve) => { setTimeout(resolve, 1000) })
    }
 }
 async function deleteOrphanedBlockStorage() {
    console.log('getting block storage')
    const blocksRes = await fetch(`${apiV2Base}/blocks`, {
        method: 'GET',
        headers: {
            'authorization': `Bearer ${process.env.VULTR_API_KEY}`
        }
    })
    const blocksJson = await blocksRes.json()
    const orphanedBlocks = blocksJson.blocks.filter((b) => b.attached_to_instance === '')
    console.log(`found ${orphanedBlocks.length} orphaned block storages`)
    console.log('waiting 1 second')
    await new Promise((resolve) => { setTimeout(resolve, 1000) })
    for (const block of orphanedBlocks) {
        console.log(`deleting block ${block.id}`)
        const deleteBlocksRes = await fetch(`${apiV2Base}/blocks/${block.id}`, {
            method: 'DELETE',
            headers: {
                'Authorization': `Bearer ${process.env.VULTR_API_KEY}`
            }
        })
        console.log('waiting 1 second')
        await new Promise((resolve) => { setTimeout(resolve, 1000) })
    }
 }
 async function main() {
    await deleteOrphanedLoadBalancers()
    await deleteOrphanedBlockStorage()
 }
 main()
--- a/scripts/flux-bootstrap-prod.sh
+++ b/scripts/flux-bootstrap-prod.sh
--- a/scripts/flux-bootstrap-staging.sh
+++ b/scripts/flux-bootstrap-staging.sh
@ -0,0 +1,17 @@
 #!/bin/bash
 ## this way is annoying because deployment asks for git password
 # flux bootstrap git \
 #   --kubeconfig /home/cj/.kube/vke.yaml \
 #   --url=https://gitea.futureporn.net/futureporn/fp.git \
 #   --branch=main \
 #   --username=cj_clippy \
 #   --token-auth=true \
 #   --path=clusters/staging
 ## this way is more automatic although it does ask for yes/no confirmation that the ssh key has repo access
 flux bootstrap git \
  --url="ssh://git@gitea.futureporn.net:2222/futureporn/fp" \
  --branch=main \
  --path="clusters/staging" \
  --private-key-file=/home/cj/.ssh/fp-flux
--- a/scripts/postgres-restore.sh
+++ b/scripts/postgres-restore.sh
@ -1,5 +1,6 @@
 #!/bin/bash
 dbname=2024-06-19_22-24-03-futureporn-db.psql
 ## drop futureporn_db
 kubectl -n futureporn exec postgres -- psql -U postgres --command "DROP DATABASE futureporn_db;"
@ -26,6 +27,6 @@ kubectl -n futureporn exec postgres -- psql -U postgres --command "\
 # kubectl exec -i POD_NAME -- pg_restore -U USERNAME -C -d DATABASE < dump.sql
-kubectl -n futureporn cp /home/cj/Documents/futureporn-meta/backups/2024-06-18_20-35-38-futureporn-db.psql postgres:/tmp/db.psql
+kubectl -n futureporn cp /home/cj/Documents/futureporn-meta/backups/$dbname postgres:/tmp/db.psql
 kubectl -n futureporn exec -i postgres -- pg_restore -U postgres -d futureporn_db /tmp/db.psql
 # kubectl -n futureporn exec -ti db-postgresql-0 -- rm /tmp/db.psql