refer to lemontech

This commit is contained in:
CJ_Clippy 2024-06-17 18:21:08 -08:00
parent e36d392d29
commit ea6735acf4
11 changed files with 204 additions and 32 deletions

.gitignore vendored

@ -1,4 +1,4 @@
**/.env **/.env*
*~ *~
charts/**/charts charts/**/charts


@ -22,3 +22,5 @@ S3 for media storage
Domain Driven Development Domain Driven Development
Test Driven Development Test Driven Development
Tested on VKE v1.30.0+1 (PVCs on other versions may not be fulfilled)


@ -1,41 +1,24 @@
include .env include .env
dev: minikube secrets tilt namespaces:
./scripts/k8s-namespaces.sh
all: bootstrap secrets helmsman
crds:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.crds.yaml
cert-manager:
kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.14.4/cert-manager.yaml
secrets: secrets:
./scripts/k8s-secrets.sh ./scripts/k8s-secrets.sh
flux: flux:
flux bootstrap git --url="ssh://git@gitea.futureporn.net:2222/futureporn/fp" --branch=main --path="clusters/production" --private-key-file=/home/cj/.ssh/fp-flux
cluster:
./scripts/kind-with-local-registry.sh
./scripts/k8s-namespaces.sh
./scripts/k8s-secrets.sh
./scripts/k8s-chisel-operator.sh
argo:
helmsman --apply -f ./helmsman.argocd.yaml
helmsman:
helmsman --apply -f ./helmsman.yaml
deploy:
./scripts/k8s-namespaces.sh
./scripts/k8s-secrets.sh
./scripts/flux-bootstrap.sh ./scripts/flux-bootstrap.sh
dev: kind namespaces secrets chisel velero tilt
prod: namespaces secrets velero flux
velero:
./scripts/velero-create.sh
tilt: tilt:
tilt up tilt up -f ./t.wip.tiltfile
define _script define _script
@ -54,9 +37,8 @@ minikube:
minikube addons enable csi-hostpath-driver minikube addons enable csi-hostpath-driver
minikube addons enable metrics-server minikube addons enable metrics-server
kind: kind:
bash -x ./scripts/kind-with-local-registry.sh ./scripts/kind-with-local-registry.sh
chisel: chisel:
./scripts/k8s-chisel-operator.sh ./scripts/k8s-chisel-operator.sh
@ -71,6 +53,7 @@ deps:
sudo systemctl start docker sudo systemctl start docker
usermod -aG docker cj usermod -aG docker cj
newgrp docker newgrp docker
curl -OL 'https://github.com/vmware-tanzu/velero/releases/download/v1.13.2/velero-v1.13.2-linux-amd64.tar.gz'
# A gitea act runner which runs locally # A gitea act runner which runs locally
# https://docs.gitea.com/next/usage/actions/overview # https://docs.gitea.com/next/usage/actions/overview
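Review bot: The new `deps:` line fetches the velero CLI tarball with `curl -OL` and never verifies it, so a substituted archive would be accepted silently; pin the expected digest and check it immediately after the download, e.g. `echo '<expected-sha256>  velero-v1.13.2-linux-amd64.tar.gz' | sha256sum -c -`, taking the digest from the checksum file published with that GitHub release. Nothing in the hunk extracts the tarball or puts the binary on PATH, so the target appears to stop short of installing the tool; if that happens outside the visible lines, a short comment after the curl saying where it continues would help. The `deps:` body and the `define _script` block both continue outside the hunk.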


@ -3,3 +3,4 @@
See ./ARCHITECTURE.md for overview See ./ARCHITECTURE.md for overview
Code for https://futureporn.net Code for https://futureporn.net


@ -10,7 +10,7 @@ spec:
chart: temporal chart: temporal
sourceRef: sourceRef:
kind: HelmRepository kind: HelmRepository
name: temporal name: lemontech
interval: 50m interval: 50m
install: install:
remediation: remediation:
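Review bot: Changing `sourceRef.name` to `lemontech` switches which publisher's Temporal chart the cluster pulls, and no chart `version:` under `spec.chart.spec` is visible in this hunk; if none is set above it, the release will float to whatever the new repository publishes next. Pin it, e.g. `version: "<chart-version>"`, and add a one-line comment recording why the source moved, since the commit title only says "refer to lemontech". The companion hunk that renames the HelmRepository `metadata.name` to `lemontech` does not show its `url`, so the actual new chart source cannot be checked from this page.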


@ -1,7 +1,7 @@
apiVersion: source.toolkit.fluxcd.io/v1beta2 apiVersion: source.toolkit.fluxcd.io/v1beta2
kind: HelmRepository kind: HelmRepository
metadata: metadata:
name: temporal name: lemontech
namespace: futureporn namespace: futureporn
spec: spec:
interval: 5m interval: 5m


@ -0,0 +1,122 @@
apiVersion: velero.io/v1
kind: BackupStorageLocation
metadata:
name: futureporn-velero-4
namespace: velero
spec:
# Name of the object store plugin to use to connect to this location.
#
# Required.
provider: velero/velero-plugin-for-aws
objectStorage:
# The bucket in which to store backups.
#
# Required.
bucket: futureporn-db-backup
# The prefix within the bucket under which to store backups.
#
# Optional.
prefix: velero
# The credentials intended to be used with this location.
# optional (if not set, default credentials secret is used)
credential:
# Key within the secret data which contains the cloud credentials
key: cloud
# Name of the secret containing the credentials
name: velero
config:
# The AWS region where the bucket is located. Queried from the AWS S3 API if not provided.
#
# Optional if s3ForcePathStyle is false.
region: us-west-000
# Whether to use path-style addressing instead of virtual hosted bucket addressing. Set to "true"
# if using a local storage service like MinIO.
#
# Optional (defaults to "false").
s3ForcePathStyle: "true"
# You can specify the AWS S3 URL here for explicitness, but Velero can already generate it from
# "region" and "bucket". This field is primarily for local storage services like MinIO.
#
# Optional.
# s3Url: "http://minio:9000"
s3Url: "https://s3.us-west-000.backblazeb2.com"
# If specified, use this instead of "s3Url" when generating download URLs (e.g., for logs). This
# field is primarily for local storage services like MinIO.
#
# Optional.
# publicUrl: "https://minio.mycluster.com"
# The name of the server-side encryption algorithm to use for uploading objects, e.g. "AES256".
# If using SSE-KMS and "kmsKeyId" is specified, this field will automatically be set to "aws:kms"
# so does not need to be specified by the user.
#
# Optional.
serverSideEncryption: AES256
# Specify an AWS KMS key ID (formatted per the example) or alias (formatted as "alias/<KMS-key-alias-name>"), or its full ARN
# to enable encryption of the backups stored in S3. Only works with AWS S3 and may require explicitly
# granting key usage rights.
#
# Cannot be used in conjunction with customerKeyEncryptionFile.
#
# Optional.
# kmsKeyId: "502b409c-4da1-419f-a16e-eif453b3i49f"
# Specify the file that contains the SSE-C customer key to enable customer key encryption of the backups
# stored in S3. The referenced file should contain a 32-byte string.
#
# The customerKeyEncryptionFile points to a mounted secret within the velero container.
# Add the below values to the velero cloud-credentials secret:
# customer-key: <your_b64_encoded_32byte_string>
# The default value below points to the already mounted secret.
#
# Cannot be used in conjunction with kmsKeyId.
#
# Optional (defaults to "", which means SSE-C is disabled).
# customerKeyEncryptionFile: "/credentials/customer-key"
# Version of the signature algorithm used to create signed URLs that are used by velero CLI to
# download backups or fetch logs. Possible versions are "1" and "4". Usually the default version
# 4 is correct, but some S3-compatible providers like Quobyte only support version 1.
#
# Optional (defaults to "4").
signatureVersion: "1"
# AWS profile within the credentials file to use for the backup storage location.
#
# Optional (defaults to "default").
profile: "sex"
# Set this to "true" if you do not want to verify the TLS certificate when connecting to the
# object store -- like for self-signed certs with MinIO. This is susceptible to man-in-the-middle
# attacks and is not recommended for production.
#
# Optional (defaults to "false").
insecureSkipTLSVerify: "true"
# Set this to "true" if you want to load the credentials file as a [shared config file](https://docs.aws.amazon.com/sdkref/latest/guide/file-format.html).
# This will have no effect if credentials are not specific for a BSL.
#
# Optional (defaults to "false").
enableSharedConfig: "true"
# Tags that need to be placed on AWS S3 objects.
# For example "Key1=Value1&Key2=Value2"
#
# Optional (defaults to empty "")
tagging: ""
# The checksum algorithm to use for uploading objects to S3.
# The Supported values are "CRC32", "CRC32C", "SHA1", "SHA256".
# If the value is set as empty string "", no checksum will be calculated and attached to
# the request headers.
#
# Optional (defaults to "CRC32")
checksumAlgorithm: "CRC32"
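Review bot: `insecureSkipTLSVerify: "true"` turns off certificate verification for a public Backblaze endpoint (`s3Url: "https://s3.us-west-000.backblazeb2.com"`), which the template's own comment two lines above describes as susceptible to man-in-the-middle attacks; that endpoint serves a publicly trusted certificate, so this should be `insecureSkipTLSVerify: "false"` or the key removed. The `credential:` block reads key `cloud` from Secret `velero`, but the `velero` Secret created by scripts/k8s-secrets.sh in this same commit only carries `aws_access_key_id` and `aws_secret_access_key` data keys, and with `enableSharedConfig: "true"` plus `profile: "sex"` the plugin would additionally expect a `[sex]` profile inside that file, so as written the location seems unable to authenticate. This object sits in `namespace: velero` while scripts/velero-create.sh installs Velero with `--namespace=futureporn`, so one of the two looks wrong. `provider:` is given as the plugin image name `velero/velero-plugin-for-aws` rather than the `aws` provider name that velero-create.sh passes to `--provider`; worth confirming against the plugin's BackupStorageLocation example before relying on it.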


@ -4,3 +4,6 @@ source .env
kubectl create namespace cert-manager kubectl create namespace cert-manager
kubectl create namespace futureporn kubectl create namespace futureporn
kubectl create namespace velero
exit 0 # important to keep the Makefile chain going even if namespaces already existed and kubectl returned non-zero
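Review bot: The unconditional `exit 0` hides every failure of the preceding `kubectl create namespace` calls, not only the already-exists case, so a wrong kube-context or an RBAC denial would let the `make prod` chain continue into secret creation and the velero install against a cluster that has no namespaces. Make each creation idempotent and drop the `exit 0` instead, e.g. `kubectl create namespace velero --dry-run=client -o yaml | kubectl apply -f -` (and the same for `cert-manager` and `futureporn`), so genuine errors still stop the chain. Note also that this creates a `velero` namespace while scripts/velero-create.sh in this commit installs with `--namespace=futureporn`; confirm which is intended. The start of the script is outside the hunk.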


@ -3,6 +3,27 @@
source .env source .env
kubectl --namespace=velero delete secret velero --ignore-not-found
## we do this so helm can adopt our pre-made secret @see https://github.com/helm/helm/pull/7649
cat <<EOF | kubectl --namespace=velero create -f-
---
apiVersion: v1
kind: Secret
metadata:
name: velero
namespace: velero
annotations:
meta.helm.sh/release-namespace: futureporn
labels:
app.kubernetes.io/managed-by: Helm
type: Opaque
data:
aws_access_key_id: $(echo -n $VELERO_S3_KEY_ID | base64)
aws_secret_access_key: $(echo -n $VELERO_S3_ACCESS_KEY | base64)
EOF
kubectl --namespace futureporn delete secret frp --ignore-not-found kubectl --namespace futureporn delete secret frp --ignore-not-found
kubectl --namespace futureporn create secret generic frp \ kubectl --namespace futureporn create secret generic frp \
--from-literal=token=${FRP_TOKEN} --from-literal=token=${FRP_TOKEN}
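Review bot: The `velero` Secret is written with `aws_access_key_id`/`aws_secret_access_key` data keys, but the BackupStorageLocation added in this commit references `credential.key: cloud`, i.e. a single key holding an INI-style credentials file, so this shape is unlikely to be consumed as intended. The `$(echo -n $VAR | base64)` pipelines are also fragile: the variables are unquoted, an unset variable silently produces an empty credential, and GNU `base64` line-wraps at 76 columns; emitting the file through `stringData` removes the encoding step entirely. Helm adoption (the linked PR) further needs a `meta.helm.sh/release-name` annotation next to `release-namespace`; the release name is not visible here, so it is left as a placeholder below, and `release-namespace: futureporn` should be checked against the namespace Velero is actually installed into. The profile name in the file must match what the BSL selects (`[default]` below; the YAML currently names `sex`).

```shell
cat <<EOF | kubectl --namespace=velero create -f-
---
apiVersion: v1
kind: Secret
metadata:
  name: velero
  namespace: velero
  annotations:
    meta.helm.sh/release-name: <velero-release-name>
    meta.helm.sh/release-namespace: futureporn
  labels:
    app.kubernetes.io/managed-by: Helm
type: Opaque
stringData:
  cloud: |
    [default]
    aws_access_key_id=${VELERO_S3_KEY_ID}
    aws_secret_access_key=${VELERO_S3_ACCESS_KEY}
EOF
# … unchanged: frp secret recreation …
```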

scripts/velero-create.sh Executable file

@ -0,0 +1,11 @@
#!/bin/bash
velero install \
--provider aws \
--bucket futureporn-db-backup \
--plugins velero/velero-plugin-for-aws:v1.10.0 \
--namespace=futureporn \
--secret-file=.env.velero \
--use-volume-snapshots=false \
--backup-location-config region=us-west-000,s3ForcePathStyle="true",s3Url=https://s3.us-west-000.backblazeb2.com
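Review bot: `--namespace=futureporn` installs the Velero server into `futureporn`, while the `velero` namespace, the `velero` Secret (scripts/k8s-secrets.sh) and the BackupStorageLocation (`namespace: velero`) added in this same commit all live in `velero`; unless two separate installs are intended, the server will not see that secret or location, so this should presumably read `--namespace=velero`. The `--backup-location-config` here also defines a default location that differs from the YAML one (no `profile`, no `insecureSkipTLSVerify`, no `signatureVersion`), leaving two competing BSL definitions; keep one source of truth and reference it from the other. The script has no `set -euo pipefail`, so a failed install would not stop the `make prod` chain that invokes it.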


@ -38,6 +38,35 @@ load('ext://helm_remote', 'helm_remote')
# ], # ],
# ) # )
# helm_remote(
# 'velero',
# repo_name='velero',
# repo_url='https://vmware-tanzu.github.io/helm-charts',
# namespace='futureporn',
# version='6.6.0',
# set=[
# 'configuration.backupStorageLocation[0].name=dev',
# 'configuration.backupStorageLocation[0].provider=aws',
# 'configuration.backupStorageLocation[0].bucket=futureporn-db-backup-dev',
# 'configuration.backupStorageLocation[0].config.region=us-west-000',
# 'configuration.backupStorageLocation[0].config.s3ForcePathStyle=true',
# 'configuration.backupStorageLocation[0].config.s3Url=https://s3.us-west-000.backblazeb2.com',
# 'credentials.secretContents=cloud\n[default]\naws_access_key_id=AAAA\naws_secret_access_key=BBBB',
# 'snapshotsEnabled=false',
# # --set configuration.backupStorageLocation[0].name=<BACKUP STORAGE LOCATION NAME> \
# # --set configuration.backupStorageLocation[0].provider=<PROVIDER NAME> \
# # --set configuration.backupStorageLocation[0].bucket=<BUCKET NAME> \
# # --set configuration.backupStorageLocation[0].config.region=<REGION> \
# # --set configuration.volumeSnapshotLocation[0].name=<VOLUME SNAPSHOT LOCATION NAME> \
# # --set configuration.volumeSnapshotLocation[0].provider=<PROVIDER NAME> \
# # --set configuration.volumeSnapshotLocation[0].config.region=<REGION> \
# # --set initContainers[0].name=velero-plugin-for-<PROVIDER NAME> \
# # --set initContainers[0].image=velero/velero-plugin-for-<PROVIDER NAME>:<PROVIDER PLUGIN TAG> \
# # --set initContainers[0].volumeMounts[0].mountPath=/target \
# # --set initContainers[0].volumeMounts[0].name=plugins
# ]
# )
helm_remote( helm_remote(
'temporal', 'temporal',
repo_name='temporal', repo_name='temporal',
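Review bot: The added block is commented-out code rather than documentation, and its `credentials.secretContents` line shows credentials being inlined into the Tiltfile (placeholders `AAAA`/`BBBB` today); if the block is ever revived, read them from the environment like the rest of the setup does, e.g. `os.getenv('VELERO_S3_KEY_ID')`, so a real key never lands in git. If the snippet is kept for reference, a one-line comment stating why it is disabled and pointing at `scripts/velero-create.sh`, which now performs this install, would save the next reader from wondering. The `helm_remote('temporal', …)` call at the end of the hunk continues outside it.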