2024-05-10 09:36:32 +00:00
|
|
|
#!/bin/bash -e
|
|
|
|
|
set -o pipefail
|
|
|
|
|
|
|
|
|
|
function kapply() {
|
|
|
|
|
for f in "$@"; do
|
2024-12-23 02:44:15 +00:00
|
|
|
kubectl apply -f <(envsubst < "manifests/$f")
|
2024-05-10 09:36:32 +00:00
|
|
|
done
|
2024-12-23 02:44:15 +00:00
|
|
|
}; export -f kapply
|
2024-05-10 09:36:32 +00:00
|
|
|
|
|
|
|
|
function kcreatesec() {
|
|
|
|
|
kubectl create secret generic --save-config --dry-run=client -oyaml "$@" | kubectl apply -f-
|
2024-12-23 02:44:15 +00:00
|
|
|
}; export -f kcreatesec
|
2024-05-10 09:36:32 +00:00
|
|
|
|
|
|
|
|
function kcreatecm() {
|
|
|
|
|
kubectl create configmap --dry-run=client -oyaml "$@" | kubectl apply -f-
|
2024-12-23 02:44:15 +00:00
|
|
|
}; export -f kcreatecm
|
2024-05-10 09:36:32 +00:00
|
|
|
|
|
|
|
|
function kgseckey() {
|
|
|
|
|
local sec="$1"; shift
|
|
|
|
|
local key="$1"; shift
|
|
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
if ! kubectl get secret "$sec" -ojson | jq -re ".data.\"$key\" // empty" | base64 -d; then
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
}; export -f kgseckey
|
2024-05-10 09:36:32 +00:00
|
|
|
|
|
|
|
|
function kgcmkey() {
|
2024-12-23 02:44:15 +00:00
|
|
|
local cm="$1"; shift
|
2024-05-10 09:36:32 +00:00
|
|
|
local key="$1"; shift
|
|
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
if ! kubectl get configmap "$cm" -ojson | jq -re ".data.\"$key\" // empty"; then
|
|
|
|
|
return 1
|
|
|
|
|
fi
|
|
|
|
|
}; export -f kgcmkey
|
2024-05-10 09:36:32 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
kapply common/db.yaml
|
|
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
export REDIS_HOST=valkey
|
2024-05-10 09:36:32 +00:00
|
|
|
export REDIS_DB=0
|
|
|
|
|
export REDIS_PORT=6379
|
|
|
|
|
export POSTGRES_HOST; POSTGRES_HOST="$(kgseckey postgres-app host)"
|
|
|
|
|
export POSTGRES_PORT; POSTGRES_PORT="$(kgseckey postgres-app port)"
|
|
|
|
|
export POSTGRES_DB; POSTGRES_DB="$(kgseckey postgres-app dbname)"
|
|
|
|
|
export POSTGRES_USER; POSTGRES_USER="$(kgseckey postgres-app user)"
|
|
|
|
|
export POSTGRES_PASSWORD; POSTGRES_PASSWORD="$(kgseckey postgres-app password)"
|
|
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
# shellcheck disable=SC1090,SC2016
|
|
|
|
|
. <(kubectl run -i --rm --image "$IMAGEAPP" secrets -- bash <<< 'echo SECRET_KEY="$(gitea generate secret SECRET_KEY)" INTERNAL_TOKEN="$(gitea generate secret INTERNAL_TOKEN)" JWT_SECRET="$(gitea generate secret JWT_SECRET)"' | head -n1)
|
2024-05-10 09:36:32 +00:00
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
kcreatesec gitea \
|
|
|
|
|
--from-literal=secret_key="$(kgseckey gitea secret_key || echo "$SECRET_KEY")" \
|
|
|
|
|
--from-literal=internal_token="$(kgseckey gitea internal_token || echo "$INTERNAL_TOKEN")" \
|
|
|
|
|
--from-literal=oauth2_jwt_secret="$(kgseckey gitea oauth2_jwt_secret || echo "$JWT_SECRET")"
|
2024-05-10 09:36:32 +00:00
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
kcreatecm gitea \
|
|
|
|
|
--from-file=app.ini=<(envsubst < config/app.ini)
|
2024-05-10 09:36:32 +00:00
|
|
|
|
|
|
|
|
kapply common/job.yaml \
|
2024-12-23 02:44:15 +00:00
|
|
|
common/valkey.yaml \
|
2024-05-10 09:36:32 +00:00
|
|
|
common/app.yaml
|
|
|
|
|
|
|
|
|
|
kubectl rollout restart statefulset app
|
|
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
kubectl rollout status statefulset app
|
|
|
|
|
kubectl wait --timeout=5m --for=condition=complete job/migrate
|
2024-05-15 16:48:27 +00:00
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
./manifests/bin/createadmin.sh gitea
|
|
|
|
|
./manifests/bin/createadmin.sh renovate 'write:repository,read:user,write:issue,read:organization'
|
2024-05-15 15:49:04 +00:00
|
|
|
|
2024-12-23 02:44:15 +00:00
|
|
|
kcreatesec runner \
|
|
|
|
|
--from-literal=token="$(kgseckey runner token || kubectl exec statefulset/app -- gitea actions generate-runner-token)"
|
|
|
|
|
|
|
|
|
|
kapply common/runner.yaml common/renovate.yaml
|
|
|
|
|
|
|
|
|
|
kubectl rollout restart statefulset runner
|
