diff --git a/deploy/base/app-secret.yaml b/deploy/base/app-secret.yaml new file mode 100644 index 0000000..4b5eea9 --- /dev/null +++ b/deploy/base/app-secret.yaml @@ -0,0 +1,12 @@ +apiVersion: secrets.hashicorp.com/v1beta1 +kind: HCPStaticSecret +metadata: + name: taskarr-ap +spec: + method: GET + mount: secret + path: taskarr/app + destination: + name: taskarr-app + create: true + refreshAfter: 1h diff --git a/deploy/base/cert.yaml b/deploy/base/cert.yaml index 59c8fb8..b3861c0 100644 --- a/deploy/base/cert.yaml +++ b/deploy/base/cert.yaml @@ -1,10 +1,9 @@ apiVersion: cert-manager.io/v1 kind: Certificate metadata: - name: election-tls - namespace: vhsmp + name: taskarr-tls spec: - secretName: election-tls + secretName: taskarr-tls issuerRef: name: letsencrypt-prod kind: ClusterIssuer diff --git a/deploy/base/database-secret.yaml b/deploy/base/database-secret.yaml new file mode 100644 index 0000000..3ba1f42 --- /dev/null +++ b/deploy/base/database-secret.yaml @@ -0,0 +1,13 @@ +apiVersion: secrets.hashicorp.com/v1beta1 +kind: HCPStaticSecret +metadata: + name: taskarr-db +spec: + method: GET + mount: secret + path: taskarr/db + destination: + name: taskarr-db + create: true + refreshAfter: 1h + diff --git a/deploy/base/deployment.yaml b/deploy/base/deployment.yaml index 3c19b08..787a5a5 100644 --- a/deploy/base/deployment.yaml +++ b/deploy/base/deployment.yaml @@ -2,14 +2,13 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: election - namespace: vhsmp + name: taskarr labels: - app: election + app: taskarr spec: selector: matchLabels: - app: election + app: taskarr replicas: 1 strategy: rollingUpdate: @@ -19,13 +18,13 @@ spec: template: metadata: annotations: - kubectl.kubernetes.io/default-container: election + kubectl.kubernetes.io/default-container: taskarr labels: - app: election + app: taskarr spec: containers: - - name: election - image: election + - name: taskarr + image: main imagePullPolicy: IfNotPresent resources: requests: @@ -44,33 +43,33 @@ spec: periodSeconds: 10 ports: - containerPort: 3000 - name: election + name: http env: - name: DATABASE_URL valueFrom: secretKeyRef: - name: election + name: taskarr-app key: DATABASE_URL - name: ORIGIN valueFrom: secretKeyRef: - name: election + name: taskarr-app key: ORIGIN - name: BETTER_AUTH_SECRET valueFrom: secretKeyRef: - name: election + name: taskarr-app key: BETTER_AUTH_SECRET - - name: GITHUB_CLIENT_SECRET + - name: GITEA_CLIENT_SECRET valueFrom: secretKeyRef: - name: election - key: GITHUB_CLIENT_SECRET - - name: GITHUB_CLIENT_ID + name: taskarr-app + key: GITEA_CLIENT_SECRET + - name: GITEA_CLIENT_ID valueFrom: secretKeyRef: - name: election - key: GITHUB_CLIENT_ID + name: taskarr-app + key: GITEA_CLIENT_ID restartPolicy: Always --- diff --git a/deploy/base/ingress.yaml b/deploy/base/ingress.yaml index 5949de6..cb69065 100644 --- a/deploy/base/ingress.yaml +++ b/deploy/base/ingress.yaml @@ -1,19 +1,19 @@ apiVersion: traefik.io/v1alpha1 kind: IngressRoute metadata: - name: election-ingress + name: taskarr-ingress namespace: vhsmp spec: entryPoints: - websecure - web routes: - - match: Host(`election.milasholsting.dk`) + - match: Host(`taskarr.milasholsting.dk`) kind: Rule services: - - name: election + - name: taskarr port: 3000 tls: - secretName: election-tls + secretName: taskarr-tls diff --git a/deploy/base/kustomization.yaml b/deploy/base/kustomization.yaml index 58205e4..2ffb911 100644 --- a/deploy/base/kustomization.yaml +++ b/deploy/base/kustomization.yaml @@ -1,6 +1,6 @@ apiVersion: kustomize.config.k8s.io/v1beta1 kind: Kustomization -namespace: vhsmp +namespace: taskarr resources: - ./deployment.yaml @@ -11,3 +11,5 @@ resources: - ./postgres-service.yaml - ./postgres-storage.yaml - ./postgres.yaml + - ./database-secret.yaml + - ./app-secret.yaml diff --git a/deploy/base/migration-job.yaml b/deploy/base/migration-job.yaml index 44f8eb0..4ae2052 100644 --- a/deploy/base/migration-job.yaml +++ b/deploy/base/migration-job.yaml @@ -2,7 +2,7 @@ apiVersion: batch/v1 kind: Job metadata: - name: election-migration + name: taskarr-migration annotations: # 1. Tells Argo this is a hook to run during sync argocd.argoproj.io/hook: Sync @@ -13,17 +13,17 @@ metadata: # 3. Deletes the job after it succeeds so it can run again next time argocd.argoproj.io/hook-delete-policy: BeforeHookCreation labels: - app: election-migration + app: taskarr-migration spec: template: metadata: - name: election-migration + name: taskarr-migration labels: - app: election-migration + app: taskarr-migration spec: containers: - - name: election-migration - image: election-migration + - name: taskarr-migrator + image: migrator env: - name: DATABASE_URL valueFrom: diff --git a/deploy/base/postgres.yaml b/deploy/base/postgres.yaml index 6427a06..8206bf5 100644 --- a/deploy/base/postgres.yaml +++ b/deploy/base/postgres.yaml @@ -19,11 +19,20 @@ spec: - containerPort: 5432 env: - name: POSTGRES_DB - value: mydatabase + valueFrom: + secretKeyRef: + name: taskarr-db + key: DATABASE - name: POSTGRES_USER - value: user123 + valueFrom: + secretKeyRef: + name: taskarr-db + key: USER - name: POSTGRES_PASSWORD - value: password123 # In production, use a Secret! + valueFrom: + secretKeyRef: + name: taskarr-db + key: PASSWORD volumeMounts: - mountPath: /var/lib/postgresql name: postgredb diff --git a/deploy/base/service.yaml b/deploy/base/service.yaml index 3700791..642aaaa 100644 --- a/deploy/base/service.yaml +++ b/deploy/base/service.yaml @@ -2,14 +2,13 @@ apiVersion: v1 kind: Service metadata: - name: election - namespace: vhsmp + name: taskarr spec: selector: - app: election + app: taskarr type: ClusterIP ports: - - name: election + - name: taskarr protocol: TCP port: 3000 targetPort: 3000 diff --git a/deploy/overlays/production/deployment.yaml b/deploy/overlays/production/deployment.yaml index 6f4721c..84df55b 100644 --- a/deploy/overlays/production/deployment.yaml +++ b/deploy/overlays/production/deployment.yaml @@ -1,16 +1,16 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: election # Must match the name in base/ + name: taskarr # Must match the name in base/ spec: replicas: 2 # Scale up for production template: spec: containers: - - name: election # This name must match base EXACTLY + - name: main # This name must match base EXACTLY ports: # Adding this back into the patch solves the diff - containerPort: 3000 - name: election + name: taskarr # Production-specific resource limits resources: limits: diff --git a/deploy/overlays/production/kustomization.yaml b/deploy/overlays/production/kustomization.yaml index c35bc91..4ed7050 100644 --- a/deploy/overlays/production/kustomization.yaml +++ b/deploy/overlays/production/kustomization.yaml @@ -10,15 +10,15 @@ patches: - path: deployment.yaml target: kind: Deployment - name: election + name: taskarr # 4. Change the namespace for this overlay -namespace: vhsmp +namespace: taskarr images: -- name: election - newName: reg.milasholsting.dk/vhsmp/election - newTag: sha-6017ea9 -- name: election-migration - newName: reg.milasholsting.dk/vhsmp/election-migrator - newTag: sha-6017ea9 +- name: main + newName: reg.milasholsting.dk/taskarr/taskarr + newTag: latest +- name: migrator + newName: reg.milasholsting.dk/taskarr/migrator + newTag: latest