From b9a296f045b16424a96a111234a8a0ea9e4a1e15 Mon Sep 17 00:00:00 2001 From: CJ_Clippy Date: Mon, 27 May 2024 21:17:49 -0800 Subject: [PATCH] scale down windmill workers --- ARCHITECHTURE.md | 2 +- apps/base/windmill/windmill.yaml | 4 +- scripts/flux-bootstrap.sh | 9 +++++ scripts/k8s-namespaces.sh | 6 +++ scripts/k8s-secrets.sh | 64 ++++++++++++++++++++++++++++++++ 5 files changed, 82 insertions(+), 3 deletions(-) create mode 100755 scripts/flux-bootstrap.sh create mode 100755 scripts/k8s-namespaces.sh create mode 100755 scripts/k8s-secrets.sh diff --git a/ARCHITECHTURE.md b/ARCHITECHTURE.md index 594ee97..e03f30a 100644 --- a/ARCHITECHTURE.md +++ b/ARCHITECHTURE.md @@ -10,4 +10,4 @@ dokku for Production, deployed with `git push`. (dokku is slowly being replaced by Kubernetes) -Kubernetes for Production, deployed using Helm/helmfile +Kubernetes for Production, deployed using FluxCD diff --git a/apps/base/windmill/windmill.yaml b/apps/base/windmill/windmill.yaml index ef922c5..1f528dc 100644 --- a/apps/base/windmill/windmill.yaml +++ b/apps/base/windmill/windmill.yaml @@ -77,13 +77,13 @@ spec: # postgres URI, pods will crashloop if database is unreachable, sets DATABASE_URL environment variable in app and worker container databaseUrl: postgres://postgres:windmill@windmill-postgresql/windmill?sslmode=disable # replica for the application app - appReplicas: 2 + appReplicas: 1 # replicas for the workers, jobs are executed on the workers lspReplicas: 2 workerGroups: # The default worker group is the one that will execute jobs with any taggs except the native ones. Windmill has a default worker group configuration for it - name: "default" - replicas: 3 + replicas: 1 # -- Annotations to apply to the pods annotations: {} # -- Labels to apply to the pods diff --git a/scripts/flux-bootstrap.sh b/scripts/flux-bootstrap.sh new file mode 100755 index 0000000..08e5e94 --- /dev/null +++ b/scripts/flux-bootstrap.sh 
@@ -0,0 +1,9 @@
+#!/bin/bash
+
+flux bootstrap git \
+ --kubeconfig /home/cj/.kube/vke.yaml \
+ --url=https://gitea.futureporn.net/futureporn/fp.git \
+ --branch=main \
+ --username=cj_clippy \
+ --token-auth=true \
+ --path=clusters/production
\ No newline at end of file
diff --git a/scripts/k8s-namespaces.sh b/scripts/k8s-namespaces.sh
new file mode 100755
index 0000000..19c95b5
--- /dev/null
+++ b/scripts/k8s-namespaces.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+source .env
+
+kubectl create namespace cert-manager
+kubectl create namespace futureporn
diff --git a/scripts/k8s-secrets.sh b/scripts/k8s-secrets.sh
new file mode 100755
index 0000000..9605392
--- /dev/null
+++ b/scripts/k8s-secrets.sh
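Review bot: The `--kubeconfig /home/cj/.kube/vke.yaml` argument in scripts/flux-bootstrap.sh hard-codes one user's home directory, so the script runs only on that workstation and never makes the operator state which cluster is about to be bootstrapped. I would take the path from the environment, `--kubeconfig "${KUBECONFIG:?set KUBECONFIG to the production cluster config}" \`, and add `set -euo pipefail` under the shebang. How the Git token reaches flux is not visible in the hunk; a header comment such as `# Token is supplied at the prompt or via the environment, never as a command-line argument` would keep a later edit from putting it into argv and shell history.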
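Review bot: `source .env` in scripts/k8s-namespaces.sh loads every secret into this script's environment although neither `kubectl create namespace` line reads a variable; I would drop it so that creating namespaces does not depend on the secrets file. `kubectl create namespace` also exits non-zero when the namespace already exists, so a re-run reports failure; `kubectl create namespace cert-manager --dry-run=client -o yaml | kubectl apply -f -` (and the same for `futureporn`) is idempotent.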
@@ -0,0 +1,64 @@
+#!/bin/bash
+
+source .env
+
+kubectl --namespace futureporn delete secret frp --ignore-not-found
+kubectl --namespace futureporn create secret generic frp \
+--from-literal=token=${FRP_TOKEN}
+
+kubectl --namespace futureporn delete secret scout --ignore-not-found
+kubectl --namespace futureporn create secret generic scout \
+--from-literal=recentsToken=${SCOUT_RECENTS_TOKEN} \
+--from-literal=strapiApiKey=${SCOUT_STRAPI_API_KEY} \
+--from-literal=imapServer=${SCOUT_IMAP_SERVER} \
+--from-literal=imapPort=${SCOUT_IMAP_PORT} \
+--from-literal=imapUsername=${SCOUT_IMAP_USERNAME} \
+--from-literal=imapPassword=${SCOUT_IMAP_PASSWORD} \
+--from-literal=imapAccessToken=${SCOUT_IMAP_ACCESS_TOKEN} \
+
+kubectl --namespace futureporn delete secret link2cid --ignore-not-found
+kubectl --namespace futureporn create secret generic link2cid \
+--from-literal=apiKey=${LINK2CID_API_KEY}
+
+kubectl --namespace cert-manager delete secret vultr --ignore-not-found
+kubectl --namespace cert-manager create secret generic vultr \
+--from-literal=apiKey=${VULTR_API_KEY}
+
+kubectl --namespace futureporn delete secret vultr --ignore-not-found
+kubectl --namespace futureporn create secret generic vultr \
+--from-literal=containerRegistryUsername=${VULTR_CONTAINER_REGISTRY_USERNAME} \
+--from-literal=apiKey=${VULTR_API_KEY}
+
+kubectl --namespace futureporn delete secret postgres --ignore-not-found
+kubectl --namespace futureporn create secret generic postgres \
+--from-literal=password=${POSTGRES_PASSWORD}
+
+kubectl --namespace futureporn delete secret pgadmin --ignore-not-found
+kubectl --namespace futureporn create secret generic pgadmin \
+--from-literal=defaultEmail=${PGADMIN_DEFAULT_EMAIL} \
+--from-literal=defaultPassword=${PGADMIN_DEFAULT_PASSWORD}
+
+kubectl --namespace futureporn delete secret strapi --ignore-not-found
+kubectl --namespace futureporn create secret generic strapi \
+--from-literal=adminJwtSecret=${STRAPI_ADMIN_JWT_SECRET} \
+--from-literal=apiTokenSalt=${STRAPI_API_TOKEN_SALT} \
+--from-literal=appKeys=${STRAPI_APP_KEYS} \
+--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
+--from-literal=databaseUrl=postgres.futureporn.svc.cluster.local://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_HOST}:${POSTGRES_PORT}/${POSTGRES_DB} \
+--from-literal=jwtSecret=${STRAPI_JWT_SECRET} \
+--from-literal=muxPlaybackRestrictionId=${MUX_PLAYBACK_RESTRICTION_ID} \
+--from-literal=muxSigningKeyPrivateKey=${MUX_SIGNING_KEY_PRIVATE_KEY} \
+--from-literal=s3UscBucketApplicationKey=${S3_USC_BUCKET_APPLICATION_KEY} \
+--from-literal=s3UscBucketEndpoint=${S3_USC_BUCKET_ENDPOINT} \
+--from-literal=s3UscBucketName=${S3_USC_BUCKET_NAME} \
+--from-literal=s3UscBucketKeyId=${S3_USC_BUCKET_KEY_ID} \
+--from-literal=s3UscBucketRegion=${S3_USC_BUCKET_REGION} \
+--from-literal=muxSigningKeyId=${MUX_SIGNING_KEY_ID} \
+--from-literal=strapiAdminEmail=${STRAPI_ADMIN_EMAIL} \
+--from-literal=sendgridApiKey=${SENDGRID_API_KEY} \
+--from-literal=cdnBucketUscUrl=${CDN_BUCKET_USC_URL} \
+--from-literal=transferTokenSalt=${TRANSFER_TOKEN_SALT}
+
+kubectl --namespace futureporn delete secret realtime --ignore-not-found
+kubectl --namespace futureporn create secret generic realtime \
+--from-literal=postgresRealtimeConnectionString=${POSTGRES_REALTIME_CONNECTION_STRING}
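Review bot: Every `${...}` value passed to `--from-literal=` in scripts/k8s-secrets.sh is unquoted and the script sets no `set -euo pipefail`, so a value containing whitespace or glob characters is split into extra arguments, and an unset variable or a missing `.env` yields an empty or failed secret after the preceding `delete` has already removed the working one. The strapi block passes `--from-literal=databaseUrl=` twice, which kubectl is likely to reject as a duplicate key, and that URL uses `postgres.futureporn.svc.cluster.local` where the scheme belongs, which looks unintended and is worth confirming. I would enable strict mode, quote each value, and replace delete-then-create with a client-side dry run piped to `kubectl apply`, so that no window exists in which the secret is absent; the fence shows the pattern on the first secret. Literal values also sit in the kubectl process arguments while the command runs, so `--from-env-file` with one file per secret is the safer form on a shared workstation.

```shell
#!/bin/bash
set -euo pipefail

source .env

kubectl --namespace futureporn create secret generic frp \
  --from-literal=token="${FRP_TOKEN}" \
  --dry-run=client -o yaml \
  | kubectl --namespace futureporn apply -f -

# … unchanged: the remaining secrets, each converted the same way with quoted values …
```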